• DocumentCode
    1830565
  • Title

    Improving Organisational Information Security Management: The Impact of Training and Awareness

  • Author

    Waly, Nesren ; Tassabehji, Rana ; Kamala, Mumtaz

  • Author_Institution
    Sch. of Comput., Inf. & Media, Bradford Univ., Bradford, UK
  • fYear
    2012
  • fDate
    25-27 June 2012
  • Firstpage
    1270
  • Lastpage
    1275
  • Abstract
    Security breaches that affect personal data and organisational systems have become increasingly significant in the global technology (IT) industry. There is scope for research on the factors that influence user behaviour and attitudes toward this aspect of information security and their impact on organisation´s network integrity. This research aims to study the critical success factors (CSF) for employees in order to comply with the organisational information security policy with a view to mitigating security breaches. Information security can be managed through three separate mechanisms: organisational factors, behavioural factors and training. Each of these elements impact differently on information security and comprehensive solutions include combinations of all three. The findings provide empirically evaluated information regarding the obstacles and the effective factors in employees´ compliance with the implementation of the information security policy. The identified categories of factors are followed differently by employees working in Health, Business and Education. Questionnaire analysis as part of this study suggests that employees in the health sector comply the most in adhering with information security policy as compared to other sectors. One of the reasons for this is that health sector employees have better awareness, robust communication and effective training programmes with reinforcement and satisfaction. Moreover, employees in the health sector believe in the norms of security policies and have a positive attitude, as they recognise the significance of security policies, unlike the business and education sectors.
  • Keywords
    behavioural sciences; organisational aspects; personnel; security of data; training; behavioural factors; business sector; critical success factors; education sector; employee compliance; global technology industry; health sector employees; information security awareness; organisation network integrity; organisational factors; organisational information security management; organisational information security policy; personal data; security breaches; training programmes; Humans; Information security; Training; Information security; awareness; compliance; quantitative research; security behaviour; training and awareness programme;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems (HPCC-ICESS), 2012 IEEE 14th International Conference on
  • Conference_Location
    Liverpool
  • Print_ISBN
    978-1-4673-2164-8
  • Type

    conf

  • DOI
    10.1109/HPCC.2012.187
  • Filename
    6332323