Prototype for Enhancing Information Security Awareness in Industry
Authors: E. Kritzinger, E. Smith
Abstract:
Human-related information security breaches within organizations are primarily caused by employees who have not been made aware of the importance of protecting the information they work with. Information security awareness is accordingly attracting more attention from industry, because stakeholders are held accountable for the information with which they work. The authors developed an Information Security Retrieval and Awareness model, entitled "ISRA", that is tailored specifically towards enhancing information security awareness in industry amongst all users of information, to address shortcomings in existing information security awareness models. This paper is principally aimed at expounding a prototype for the ISRA model to highlight the advantages of utilizing the model. The prototype focuses on the non-technical, human-related information security issues in industry. The prototype ensures that all stakeholders in an organization are part of an information security awareness process, and that these stakeholders are able to retrieve specific information related to information security issues relevant to their job category, preventing them from being overburdened with redundant information.
Keywords: Information security, information security awareness, information security awareness programs
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1329364