Towards the Human Information Security Firewall

2011 ◽  
Vol 1 (2) ◽  
pp. 10-17 ◽  
Author(s):  
Rossouw von Solms ◽  
Matthew Warren

Human security is often forgotten as a major information security factor. This paper explores the security issues that relate to human security and in particular the relationship to risk. The paper also uses case studies of real life security incidents to show the problems and issues that relate to a younger workforce and their lack of security awareness due to their own background and the use of social systems, such as Facebook. The paper also proposes a risk framework that can be used to understand human security issues.

2018 ◽  
Vol 8 (2) ◽  
pp. 115
Author(s):  
Robbi Akraman ◽  
Candiwan Candiwan ◽  
Yudi Priyadi

Based on statistical data, it is known that Android is the most popular smartphone with the largest number of users in the world, which is about 1.8 billion users. The high number of users also invites many information security and privacy cases caused by the lack of awareness of the user, such as: spam, spoofing/phishing, network incidents, malware, uploading personal data such as photos, phone numbers and addresses, or having no antivirus. This study aims to find out about the awareness of the security of information and privacy of Android smartphone users by measuring the problem. The awareness has some dimensions such as attitude, knowledge and behavior, with the seven focus areas of information security, namely trust in app repository, misconception about app testing, security and agreement message, pirated application, adoption of security control, spam SMS and report of security incidents, and three focus areas of privacy: perceived surveillance, perceived intrusion and secondary use of information. This research uses the analytical hierarchy process (AHP) to measure the level of awareness of information security and privacy of smartphone users. Overall, the results of the research show that information security has an average level of awareness (71%), but the focus area of report for security incidents has a poor level of awareness (37%); this occurs because users prefer to solve the information security issues they experience themselves. Privacy has an average level of awareness (76%). However, secondary use of information in the attitude dimension has a low awareness level (66%). Based on the results of this study, it can be concluded that smartphone users in Indonesia have a poor awareness level in maintaining security and privacy of their information.


2015 ◽  
Vol 23 (4) ◽  
pp. 406-420 ◽  
Author(s):  
Bukelwa Ngoqo ◽  
Stephen V. Flowerday

Purpose – The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely, awareness and behavioural intent. This paper proposes that the knowing-and-doing gap can possibly be reduced by addressing both awareness and behavioural intent. This research paper explores the relationship between student mobile phone user information security awareness and behavioural intent in a developmental university in South Africa. Design/methodology/approach – Information security awareness interventions were implemented in this action research study, and student information security behavioural intent was observed after each cycle. Findings – The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context, as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Existing researchers in the field of information security still grapple with the “knowing-and-doing” gap, where user information security knowledge/awareness sometimes does not result in safer behavioural practices. Originality/value – Zhang et al. (2009) suggest that understanding human behaviour is important when dealing with the problems caused by human errors. Harnesk and Lindstrom (2011) expressed a concern that existing research does not address the interlinked relationship between anticipated security behaviour and the enactment of security procedures. This study acknowledges the contribution of Choi et al. (2008), whose discussion of the “knowing-and-doing gap” suggests a link between awareness and actual behaviour that is confirmed by the findings of this study.


Author(s):  
Agata McCormac ◽  
Dragana Calic ◽  
Marcus Butavicius ◽  
Kathryn Parsons ◽  
Tara Zwaans ◽  
...  

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed. 


2021 ◽  
Vol 8 (3) ◽  
pp. 25-41
Author(s):  
Mario A. Pulido ◽  
Chris W. Johnson ◽  
Ahmed Alzahrani

The purpose of this paper is to implement an educational board game to evaluate the information security awareness level of healthcare personnel. The National Health Service Greater Glasgow and Clyde (NHSGGC) Information Security Acceptable Use Policy was used as a basis to generate the educational content of the board game, and Lev Vygotsky’s social development theory was followed for the learning process of the participants. Two evaluations were carried out during this study. The results obtained during the first evaluation showed that it is fundamental to design the board game based on a set of rules in information security enacted by an organization to properly guide the participants with the knowledge they need to counter security incidents. The second evaluation showed that redesigning the content of the board game based on the information security policies of the NHSGGC resulted in a more effective way of guiding participants on the procedures required for compliance with the policies of this health institution and of offering them an understanding of the risks behind security incidents. This was demonstrated during this evaluation since the results obtained gave an approximation that it is possible to increase the level of awareness of information security in people regardless of their area of work or studies.


2021 ◽  
Vol 14 (2) ◽  
pp. 149-171
Author(s):  
Tena Velki ◽  
Marija Milić

Objective: the aim of the study was to examine the mediating role of stress in associations between online risky behavior and three factors, namely, real-life risky behaviors and information security awareness as risk factors, and life satisfaction as a protective factor. Method: participants were university students (N=883, 40.5% male, and 59.5% female) with an average age of M=21.93 years (SD=4.29). They filled out the Users’ Information Security Awareness Questionnaire, Youth self-reported delinquency and risk behaviors questionnaire, Life satisfaction scale and Perceived Stress Scale. Result: Mediational analysis revealed a mediating role of stress: stress had a partially mediating role in the association between real-life risky behaviors and online risky behavior, making the association stronger. However, stress had a fully mediating role in the association between life satisfaction and online risky behavior, that is, the association was non-significant in the presence of stress. Conclusions: Overall results indicate that stress experienced in real-life situations can be a trigger for online risky behavior in adolescents. Under stressed conditions, adolescents choose to focus on negative outcomes more frequently because they refocus their cognitive resources on emotion regulation and leave inhibitory processes necessary to prevent risky behaviors uncontrolled.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Nurul Asmui Azmi Md Azmi ◽  
Ai Ping Teoh ◽  
Ali Vafaei-Zadeh ◽  
Haniruzila Hanifah

Purpose – The purpose of this study is to examine factors which influence information security culture among employees of telecommunications companies. The motivation for this study was the rise in the number of data breach incidents caused by the organizations’ own employees. Design/methodology/approach – A total of 139 usable responses were collected via a Web-based questionnaire survey from employees of Malaysian telecommunications companies. Data were analysed by using SmartPLS 3. Findings – Security education, training and awareness (SETA) programmes and information security awareness were found to have a positive and significant impact on Information Security Culture. Additionally, self-reported employees’ security behaviour was found to act as a partial mediator on the relationship between information security awareness and information security culture. Research limitations/implications – The study was cross-sectional in nature. Therefore, it could not measure changes in population over time. Practical implications – The empirical data provides a new perspective on significant elements that influence information security culture in an emerging market. Organizations in the telecommunications industry can now recognize that SETA programmes and information security awareness have a significant impact on information security culture. Employees’ security behaviour also mediates the relationship between information security awareness and information security culture. Originality/value – This is the first study to analyse the mediating effect of employees’ security behaviour on the relationship between information security awareness and information security culture in the Malaysian telecommunications context.


2011 ◽  
Vol 57 ◽  
pp. 7-25 ◽  
Author(s):  
Saulius Jastiuginas

Information security is becoming increasingly relevant in modern society. Information security problems most often come to light after information security incidents or breaches have occurred, so it is understandable that the worldwide growth in the number of information security breaches and the scale of the resulting losses are cited as one of the main indicators that information security problems exist. Given the persistent nature of these problems, it can be assumed that a systematic approach to information security management is lacking. Foreign researchers examine information security management from various strategic, human-factor and technological perspectives, and distinguish the specifics of the problem at the organizational, national and international levels; in Lithuania, however, information security management remains little studied. To highlight the particular features of how information security management has developed in Lithuania in an international context, the article combines the theoretical information security management paradigms of foreign and Lithuanian researchers into a systemic concept of information security management, and the study carried out made it possible to assess the state of information security management in Lithuania’s public sector and to establish premises for further research.

Keywords: information security, information security management, information security management concept, security standards, security requirements, information systems, state registers, state institutions, public sector.

Information Security Management in Lithuania’s Public Sector

Saulius Jastiuginas

Summary

Information security is becoming more and more important in modern society. The most common information security issues become apparent when information security incidents or violations occur. Worldwide growth in the number of security breaches and losses are the major indicators showing that there is a lack of systematic approach to information security management.

Solution of practical problems requires the use of scientific approaches. Among academic researchers, a number of studies that focus on various aspects of information security management have emerged in recent years. Scientists are exploring the issues of information security management in various strategic, technological and human factor issues that also deal with the problems of organizations, national and international levels.

Currently, in Lithuania there is a lack of information security management research. In order to highlight the information security management characteristics of Lithuania in an international context, this paper combines theoretical foreign and Lithuanian scientific information security management insights into the systemic information security management concept.

This article also contains the results of the study, which allowed an assessment of the situation in Lithuania’s public sector information security management and creates preconditions for further research.


2019 ◽  
Vol 38 (3) ◽  
pp. 490-498
Author(s):  
Iffah Budiningsih ◽  
Tjiptogoro Dinarjo Soehari ◽  
Irwansyah Irwansyah

The advancement of science and technology, especially in the field of Information Communication Technology (ICT), is characterized by information access that is faster, easier and more convenient, but also vulnerable to attempts to steal (tap) and modify information. This study aims to determine the relationship between organizational support perception, competence, and motivation with information security awareness. The survey involved a population of 324 affordable employees in local government who handle information systems in 33 provinces. A sample of 140 people was taken by stratified proportional random sampling. The data were collected using a questionnaire and analyzed using multiple regression. The results of the research show: (1) Information security awareness is influenced positively and significantly by the organizational support perception, competence and motivation, (2) Competence is the dominant factor that influences information security awareness compared to the organizational support perception and motivation, (3) Information security awareness can be improved through competencies of knowledge, skill and attitude, continuously and in tiers, and the instructional awareness training model developed by ‘Schultz’ can be used to improve the attitude or character of information security awareness.


2021 ◽  
Vol 11 (6) ◽  
pp. 2609
Author(s):  
Hsin-Wei Wang ◽  
Szu-Yu Kuo ◽  
Liang-Bi Chen

This study empirically investigates the influence of information security marketing and response cost on employees’ information security intention in the container shipping industry. Survey data were collected from 285 respondents in Taiwan. Exploratory factor analysis was employed to identify all the measures to be summarized in a relative set. Confirmatory factor analysis was utilized to ensure the convergent and discriminant validity of every measure’s construct. Structural equation modeling was applied to the proposed model in this article. The results indicate that organizational information security marketing has a positive impact on information security intention. Furthermore, this study conducted hierarchical regression to examine the moderating effects of information security awareness and information security climate. In particular, information security awareness significantly influenced the relationships between organizational information security marketing, response cost, and information security intention. Moreover, information security climate moderated the relationship between response cost and information security intention. This article concludes by discussing these theoretical and practical findings and implications.

