Building an Information Technology Security Awareness and Training Program

Wilson, Mark G.; Hash, Joan

doi:10.6028/nist.sp.800-50

Cited by 150 publications

(120 citation statements)

References 0 publications

Supporting

Mentioning

111

Contrasting

Unclassified

Order By: Relevance

“…On the other hand, Wilson and Harsh defined security education as a process that employees acquire knowledge and technology to perform security activity in preparation for new technologies and threats that might happen [13]. In other words, security education can be defined as an "activity to acquire and practice knowledge on security activities that are required on business in order to prevent and respond to the security incident that are caused by technological change and new threats and intended or unintended behaviors of employees.…”

Section: Security Educationmentioning

confidence: 99%

A Research on Security Education Framework for Employee’s Behavior Change

Kim¹,

Song²,

Kim³

2018

IJIET

View full text Add to dashboard Cite

Abstract-The development of information technology has a positive impact on business environment and at the same time, a negative impact on various security threats. Organizations try to implement various countermeasures for preventing security incident. However they tend to rely on technical security solution and security incidents are not possible to prevent completely. Recently, People Centric Security as a new approach has become an issue and the security education for changing the behavior of employees is emphasized. However, most organizations have difficulty in expecting any changes in behavior of employees because security education regards as a formal activity for compliance. Moreover, few previous security education-related researches studied the relevance of the educational contents necessary for employees with the behavioral changes in students and security experts. The purpose of this research is to provide security education framework for employee's behavior change based on pedagogy and social psychology. In addition, some future researches that overcome the limitation of this research for effective security education program were proposed.Index Terms-Security education, social psychology, people centric security.

show abstract

Section: Security Educationmentioning

confidence: 99%

A Research on Security Education Framework for Employee’s Behavior Change

Kim¹,

Song²,

Kim³

2018

IJIET

View full text Add to dashboard Cite

show abstract

“…The National Institute of Standards and Technology (NIST) developed a framework that aims to guide the development of an Information Technology (IT) security programme [24]. This paper identifies the urgent need for an enforced awareness programme to create Internet security awareness among Nigerians.…”

Section: Developing the Awareness Programmementioning

confidence: 99%

The urgent need for an enforced awareness programme to create internet security awareness in nigeria

Adelola

Dawson

Batmaz

2015

Proceedings of the 17th International Conference on Information Integration and Web-Based Applications &Amp; Services

View full text Add to dashboard Cite

“…The effectiveness of these efforts determines the effectiveness of the awareness training program. The successful awareness training program consists of developing ISS policy that reflects the best practices for protecting ISS, informing employees about their responsibilities toward protecting ISS according to the organization procedures and ISS policy, and processes to monitor and review the program (Wilson and Hash, 2003). Hansche (2001) has suggested that the good ISSA program should be designed with taking in account the following points:…”

Section: Information Systems Security (Iss) and The Human Involvementmentioning

confidence: 99%

Evaluation of Information Systems Security Awareness in Higher Education: An Empirical Study of Kuwait University

Al‐Alawi¹,

Al-Kandari²,

Abdel-Razek³

2016

JIBBP

View full text Add to dashboard Cite

The purpose of this study is to evaluate the levels of knowledge, attitude, and behavior of the end-user regarding Information Systems Security Awareness (ISSA) in higher education, specifically Kuwait University (KU), and to identify the areas which require attention. Factors such as knowledge, attitude and behavior affecting human awareness were identified and the Value-Focus-Thinking was used to identify Information Systems Security (ISS) focus-areas. The six ISS Focus-Areas were obtained such as commitment to ISS policy; effective use of passwords; safe usage of Internet and e-mail; being aware of ISS threats; backing up the important files; and required updates for operating system and antivirus programs. Furthermore, a questionnaire was designed based on the human awareness factors and the ISS focus-areas. The research population included the end-users of KU colleges. The study presents useful results for decision-makers in the field of ISS, to identify recent findings regarding the level of ISSA among end-users, and in order to develop better strategies to implement the required solutions such as training programs. In addition to the organizations, this study through concentrating on ISSA may assist individuals to protect their personal data privacy during their use of computers. The study recommends few relevant actions to improve the long term levels of knowledge, attitude and behavior, with the priority for improving attitude due to its identified poor level. Regarding the KU colleges, the study recommends giving priority to improvements to the seven colleges that had poor levels of ISSA.

show abstract

Building an Information Technology Security Awareness and Training Program

Cited by 150 publications

References 0 publications

A Research on Security Education Framework for Employee’s Behavior Change

A Research on Security Education Framework for Employee’s Behavior Change

The urgent need for an enforced awareness programme to create internet security awareness in nigeria

Evaluation of Information Systems Security Awareness in Higher Education: An Empirical Study of Kuwait University

Contact Info

Product

Resources

About