DocumentCode :
1830565
Title :
Improving Organisational Information Security Management: The Impact of Training and Awareness
Author :
Waly, Nesren ; Tassabehji, Rana ; Kamala, Mumtaz
Author_Institution :
Sch. of Comput., Inf. & Media, Bradford Univ., Bradford, UK
fYear :
2012
fDate :
25-27 June 2012
Firstpage :
1270
Lastpage :
1275
Abstract :
Security breaches that affect personal data and organisational systems have become increasingly significant in the global technology (IT) industry. There is scope for research on the factors that influence user behaviour and attitudes toward this aspect of information security and their impact on organisation's network integrity. This research aims to study the critical success factors (CSF) for employees in order to comply with the organisational information security policy with a view to mitigating security breaches. Information security can be managed through three separate mechanisms: organisational factors, behavioural factors and training. Each of these elements impacts differently on information security and comprehensive solutions include combinations of all three. The findings provide empirically evaluated information regarding the obstacles and the effective factors in employees' compliance with the implementation of the information security policy. The identified categories of factors are followed differently by employees working in Health, Business and Education. Questionnaire analysis as part of this study suggests that employees in the health sector comply the most in adhering to information security policy as compared to other sectors. One of the reasons for this is that health sector employees have better awareness, robust communication and effective training programmes with reinforcement and satisfaction. Moreover, employees in the health sector believe in the norms of security policies and have a positive attitude, as they recognise the significance of security policies, unlike the business and education sectors.
Keywords :
behavioural sciences; organisational aspects; personnel; security of data; training; behavioural factors; business sector; critical success factors; education sector; employee compliance; global technology industry; health sector employees; information security awareness; organisation network integrity; organisational factors; organisational information security management; organisational information security policy; personal data; security breaches; training programmes; Humans; Information security; Training; Information security; awareness; compliance; quantitative research; security behaviour; training and awareness programme;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems (HPCC-ICESS), 2012 IEEE 14th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2164-8
Type :
conf
DOI :
10.1109/HPCC.2012.187
Filename :
6332323