The public information systems security program

The high cost of information security breaches increases the importance of information security for all organizations. The organizations need to educate their employees in order to protect their information assets. Public enterprises and governmental organizations that provide information services to citizens need to protect their services. This paper reports on the use of design-based research [1] as an approach to develop an information systems security program for public enterprises and governmental organizations in Turkey. The program is composed of three major projects: information security certification program (training project), documentation project and risk analysis project. This paper focuses on the training project only.