Corpus ID: 33996050

Measures for improving information security management in organisations: the impact of training and awareness programmes

Authors: Nesren Waly, R. Tassabehji, M. Kamala
Security breaches have attracted corporate attention and major organisations are now determined to stop security breaches as they are detrimental to their success. Users’ security awareness and cautious behaviour play an important role in information security both within and outside the organisation. Arguably the most common factor contributing to these breaches is that of human behaviour towards security, which suggests that changes in human behaviour can have an impact on improving security…
Encouraging Employees on Compliant Behaviours about Information Security Measures in Workplaces
The development of technology and computer use has become a critical issue with increasing national and international laws, standards and information security in the present day. Attacks on…
Antecedents of Employees' Information Security Awareness - Review, synthesis, and Directions for Future Research
An extensive review of the literature on ISA’s antecedents is provided with the aim to synthesize the literature and to reveal areas for further research.
Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks
The findings suggest that security by compliance as a campaign to secure information assets in the Nigerian financial institution is a farfetched approach, and banking regulators should promote holistic change of security culture across the sector.
Hacking a Bridge : An Exploratory Study of Compliance-based Information Security Management in Banking Organization
This work is approached through the lens of compliant security by drawing on the concepts of neutralization theory, a prominent postulation in the criminology domain and the ‘big five’ personality…
Honeypots for employee information security awareness and education training: A conceptual EASY training model
Adapting the Routine Activity Theory, a criminology theory widely used in the study of cybercrime, this paper proposes a conceptual Engaging Stakeholders, Acceptable Behavior, Simple Teaching method, Yardstick training model, and explains how the model can be used to design employee information security awareness and education training.
Information Security Awareness and Education Training: A Conceptual EASY Training Model”, Pages 111-130, Chapter 8, (Elsevier) Contemporary Digital Forensic Investigations Of Cloud And Mobile Applications 1 Honeypots for employee information security awareness and education training: A conceptual EA
The increasing pervasiveness of internet-connected systems means that such systems will continue to be exploited for criminal purposes by cybercriminals (including malicious insiders such as…
Information security awareness and behavior: a theory-based literature review
Purpose – This paper aims to provide an overview of theories used in the field of employees’ information systems (IS) security behavior over the past decade. Research gaps and implications for future…
Influencing employees' compliance behavior towards Information Security Policy The Telesur case
Acknowledgements: Participation in this MBA program would not be possible if some very special people within Telesur didn't believe in me. It was a very…
Human Aspects of Information Security, Privacy, and Trust
The notion of using videogames, specifically Tetris, to supplement traditional authentication methods and provide an additional layer of identity validation is presented.


A design theory for information security awareness
Tests of the design theory for IS security awareness training suggest that this design theory provides a useful and applicable means for developing a training program in organizations and provides empirically evaluated information regarding the obstacles to user compliance with IS security policies and instructions.
Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy
The primary role of the AUP appears to be as a mechanism for dealing with unacceptable behaviour, rather than proactively promoting desirable and effective security behaviours, and the wide variation found in the coverage and positioning of the reviewed policies is unlikely to be fostering a coherent approach to security management, across the higher education sector.
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness
The results show that an employee's intention to comply with the ISP is significantly influenced by attitude, normative beliefs, and self-efficacy to comply, and the role of ISA and compliance-related beliefs in an organization's efforts to encourage compliance is shed.
Information security policy: An organizational-level process model
An information security policy process model is developed based on responses from a sample of certified information security professionals that illustrates a general yet comprehensive policy process in a distinctive form not found in existing professional standards or academic publications.
Challenges and complexities of managing information security
Global outsourcing, consumer-centricity, security compliance and legislation as emerging global business drivers have imposed new security requirements that complicate traditional perspective in security management.
BORIS - Business-Oriented Management of Information Security
The present chapter aims to successfully deal with the needs of information security functions by providing a management tool which links business and information security objectives by presenting a framework which supports any information security function with a strong economic focus.
SP 800-30. Risk Management Guide for Information Technology Systems
Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Organizations use risk assessment, the first step in the risk management…
In defense of the realm: understanding the threats to information security
  • M. Whitman
  • Engineering, Computer Science
  • Int. J. Inf. Manag.
  • 2004
This study seeks to identify and rank current threats to information security, and to present current perceptions of the level of severity these threats present and the prioritization for expenditures organizations are placing in order to protect against them.
What influences IT ethical behavior intentions - planned behavior, reasoned action, perceived importance, or individual characteristics?
From the results, organizations may be able to develop realistic training programs for IT professionals and managers and incorporate deterrent and preventive measures that can curb the rising tide of undesired misuse.
Knowing why and how to innovate with packaged business software
A model that explains a firm's success in terms of its adoption know-why and know-when and its implementation know-how is examined, in an exploratory survey of some 118 firms' adoption and implementation of packaged business software in the 1990s.