[PDF] Information Security And Employee Behaviour - eBooks Review

Information Security And Employee Behaviour







Information Security And Employee Behaviour


Author : Angus McIlwraith
language : en
Publisher: CRC Press
Release Date : 2016-05-23

Information Security And Employee Behaviour, written by Angus McIlwraith, was published by CRC Press and released on 2016-05-23 in the Business & Economics category. The book is offered in PDF, TXT, EPUB, Kindle and other formats.


Research suggests that between 60-75% of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short term priorities. Information Security and Employee Behaviour will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches.



The Psychology Of Information Security


Author : Leron Zinatullin
language : en
Publisher: IT Governance Ltd
Release Date : 2016-01-26

The Psychology Of Information Security, written by Leron Zinatullin, was published by IT Governance Ltd and released on 2016-01-26 in the Computers category. The book is offered in PDF, TXT, EPUB, Kindle and other formats.


The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour considers information security from the seemingly opposing viewpoints of security professionals and end users to find the balance between security and productivity. It provides recommendations on aligning a security programme with wider organisational objectives, successfully managing change and improving security culture.






Cultivating And Assessing Information Security Culture


Author : Adele Da Veiga
language : en
Publisher:
Release Date : 2013

Cultivating And Assessing Information Security Culture, written by Adele Da Veiga, was released in 2013. The book is offered in PDF, TXT, EPUB, Kindle and other formats.


The manner in which employees perceive and interact (behave) with controls implemented to protect information assets is one of the main threats to the protection of such assets and the effective use of information security controls. Should the interaction not be conducive to the protection of the information assets, it could have a profound impact on the profit of an organisation, productive working hours could be lost, confidential information might be disclosed to unauthorised people and compliance with legal and regulatory regulations could be affected - all this, despite the fact that adequate technical and procedural controls might be in place. Current research highlights the importance of a strong information security culture to address the threat that employee behaviour poses to the protection of information assets. Various research perspectives propose how an acceptable level of information security culture should be cultivated, and how to assess this culture to determine whether it is on an acceptable level. These approaches are however not adequate to cultivate information security culture, as all the relevant information security components and the influences on the information security culture have to be considered. This leads to the question as to whether the assessment instruments proposed to assess the information security culture are indeed adequate and valid. The main contribution of this research relates to the development of an information security culture framework and process consisting of an assessment instrument to assess information security culture. In order to develop the information security culture framework, the researcher developed a Comprehensive Information Security Framework (CISF) that equips organisations with a holistic approach to the implementation of information security. The framework provides a single point of reference for the governance of information security. 
The Information Security Culture Framework (ISCF) is developed using the CISF as foundation. The ISCF can be used by organisations to cultivate an information security culture conducive to the protection of information assets. It considers all the components required for information security culture, namely information security, organisational culture and organisational behaviour. It integrates the aforementioned concepts and illustrates the influence between the components. The ISCF further serves as a basis for designing an information security culture assessment instrument. This instrument is incorporated as part of an Information Security Culture Assessment process (ISCULA) defined by the researcher. ISCULA provides management with the steps to conduct an information security culture assessment, as well as the steps to validate the assessment instrument. The application of ISCULA is tested in an empirical study conducted in an organisation. It illustrates how to validate an information security culture assessment instrument by ensuring that it is designed based on the ISCF and meets the statistical requirements for a valid and reliable assessment instrument. Both the ISCF and the ISCULA process can ultimately be deployed by organisations to minimise the threat that employee behaviour poses to the protection of information assets.



Information Security Awareness


Author : Timothy P. Layton
language : en
Publisher:
Release Date : 2005

Information Security Awareness, written by Timothy P. Layton, was released in 2005 in the Business & Economics category. The book is offered in PDF, TXT, EPUB, Kindle and other formats.


"Information Security Awareness: The Psychology Behind the Technology" is a book written for information security managers and organizational leaders. This text focuses on the behaviors of information systems users in an organizational setting and why this is critical to successful information security awareness programs. This book examines the link between employee behavior and companies' safeguard policies and establishes that psychology is a key to lowering information security risks. The ultimate goal of all information security awareness programs from a business perspective is to change the behavior of users, resulting in fewer user-related errors that cause costly and destructive security incidents. Rather than taking a traditional technology-oriented approach, the author has taken a unique method by exploring and discussing six key psychological aspects of people's behavior. Specifically, the author discusses how these phenomena relate to, and impact, an information security program. The six behavioral-oriented phenomena reviewed in this book are: motivation, attitude, beliefs, personality, morals, and ethics. These six phenomena are the basis for "The Psychology of Security and Technology" or POST™, a new framework he has created. Many organizations take the approach of "informing" their user community of their security policies, guidelines, and procedures. This would be described as a descriptive approach, meaning the users are told they must comply because management requires them to. Recent research in organizational psychology and information security awareness postulates that this approach is flawed. The descriptive-based approach does nothing to help the users internalize or justify the organization's requirements, therefore their attitudes and motivations will be lacking and ultimately produce undesirable results. A new prescriptive-based approach to information security awareness is presented in the book which leverages the POST™ constructs.
This new approach focuses on users internalizing information security messages and policies. The prescriptive approach leverages a person's internal drivers, which, if leveraged properly, leads to a desirable outcome for the organization. The author purports the POST™ framework is the foundation for a new set of information security awareness metrics. A series of newly developed psychological-based metrics could better target users and enable management by providing them with information they may not otherwise have had access to in the past. The POST™ framework will yield new information that most organizations have



Fifth World Conference On Information Security Education


Author : Lynn Futcher
language : en
Publisher: Springer
Release Date : 2007-10-27

Fifth World Conference On Information Security Education, written by Lynn Futcher, was published by Springer and released on 2007-10-27 in the Computers category. The book is offered in PDF, TXT, EPUB, Kindle and other formats.


The International Federation for Information Processing (IFIP) series publishes state-of-the-art results in the sciences and technologies of information and communication. The IFIP series encourages education and the dissemination and exchange of information on all aspects of computing. This particular volume presents the most up-to-date research findings from leading experts from around the world on information security education.



Essays On Information Security Practices In Organizations


Author : Tejaswini Herath
language : en
Publisher:
Release Date : 2008

Essays On Information Security Practices In Organizations, written by Tejaswini Herath, was released in 2008. The book is offered in PDF, TXT, EPUB, Kindle and other formats.


Organizational employee information security behaviors have received attention for their potential role in cyber security. Recently, practitioners and academics alike have emphasized the need to evaluate end-user computer security behaviors in order to develop more secured information infrastructures. This dissertation evaluates the information security behaviors pertaining to employee security policy compliance from three different aspects with the objective of providing guidelines and implications for better design, development and implementation of information security policies in organizations. The dissertation consists of three inter-related essays, following a manuscript-based multi-essay style thesis format. The first essay evaluates the relative importance of the incentive mechanisms. This essay develops and tests a theoretical model that enhances our understanding of the incentive effects of penalties, pressures and perceived effectiveness in employee compliance to information security policies. The findings suggest that security behaviors can be influenced by both intrinsic and extrinsic motivators. The results indicate that (a) intrinsic motivation of employee perceived effectiveness of their actions plays a major role in security policy compliance, (b) pressures exerted by subjective norms and peer behaviors influence the employee behaviors, and (c) certainty of detection is found to influence security behaviors while surprisingly severity of punishment was found to have negative effect on policy compliance intentions. In the second essay, informed by the literature on Information Security (IS) adoption, protection-motivation theory, deterrence theory and organizational behavior theories, under an umbrella of Taylor-Todd's Decomposed Theory of Planned Behavior, an integrated Protection, Motivation and Deterrence model of security policy compliance is developed.
The essay also investigates the role of organizational commitment on employee security compliance intentions. The results suggest that (a) perceptions about the severity of breach and response efficacy are likely to affect compliance intentions by shaping attitudes; (b) organizational commitment and social influence have a significant impact on compliance intentions; and (c) resource availability is a significant factor in enhancing self-efficacy, which in turn, is a significant predictor of policy compliance intentions. The results indicate that employees in our sample underestimate the probability of security breaches. In the third essay we investigate whether the synchronization between management and employee perceptions about security values plays a role in employee security behaviors. Much of the information security literature has emphasized the mechanisms such as training and awareness and policy enforcement for creating a security-conscious environment for better security management. However, empirical research evaluating the effectiveness of these mechanisms in IT security is almost non-existent. Moreover, researchers have argued that, if there is a misalignment between individual and organizational goals, there is a greater security threat to information security. In this context, the third essay explores several aspects of policy compliance in organizations using a dyadic approach. In an individual level model we focus on employee perception of security climate and its relation with the policy compliance behavior; and the role training and awareness and policy enforcement play in shaping the security climate perceptions of the employees. In addition, we propose a multi-level theoretical framework that considers the role of the management and employee perception alignment on the employee compliance behavior. Using a matched responses dataset we empirically assess the two models.
Our findings suggest that individual employee policy compliance intentions are predicted by their security climate perceptions which in turn were highly associated with the employee perceived training and awareness as well as policy enforcement efforts in their organization. In the test of multi-level model we found that employee policy compliance intentions are mainly driven by personally held beliefs. Multiple surveys were administered to various sample groups in this research program in order to accomplish the research objectives of the three essays. A dyadic investigation approach was undertaken to understand the security policy compliance from a holistic view, which resulted in a set of interesting and insightful findings with implications to both theory and practice.



Assessing Employee Behavior Towards Information Security Measures In Academic Institutions Using Secondary Data


Author : Mangesh Jolly
language : en
Publisher:
Release Date : 2012

Assessing Employee Behavior Towards Information Security Measures In Academic Institutions Using Secondary Data, written by Mangesh Jolly, was released in 2012 in the School employees category. The book is offered in PDF, TXT, EPUB, Kindle and other formats.




Building A Cybersecurity Culture In Organizations


Author : Isabella Corradini
language : en
Publisher: Springer Nature
Release Date : 2020-04-29

Building A Cybersecurity Culture In Organizations, written by Isabella Corradini, was published by Springer Nature and released on 2020-04-29 in the Technology & Engineering category. The book is offered in PDF, TXT, EPUB, Kindle and other formats.


This book offers a practice-oriented guide to developing an effective cybersecurity culture in organizations. It provides a psychosocial perspective on common cyberthreats affecting organizations, and presents practical solutions for leveraging employees’ attitudes and behaviours in order to improve security. Cybersecurity, as well as the solutions used to achieve it, has largely been associated with technologies. In contrast, this book argues that cybersecurity begins with improving the connections between people and digital technologies. By presenting a comprehensive analysis of the current cybersecurity landscape, the author discusses, based on literature and her personal experience, human weaknesses in relation to security and the advantages of pursuing a holistic approach to cybersecurity, and suggests how to develop cybersecurity culture in practice. Organizations can improve their cyber resilience by adequately training their staff. Accordingly, the book also describes a set of training methods and tools. Further, ongoing education programmes and effective communication within organizations are considered, showing that they can become key drivers for successful cybersecurity awareness initiatives. When properly trained and actively involved, human beings can become the true first line of defence for every organization.



Human Aspects Of Information Security And Assurance


Author : Nathan Clarke
language : en
Publisher: Springer Nature
Release Date : 2022-07-21

Human Aspects Of Information Security And Assurance, written by Nathan Clarke, was published by Springer Nature and released on 2022-07-21 in the Computers category. The book is offered in PDF, TXT, EPUB, Kindle and other formats.


This book constitutes the proceedings of the 16th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2022, held in Mytilene, Lesbos, Greece, in July 2022. The 25 papers presented in this volume were carefully reviewed and selected from 30 submissions. They are organized in the following topical sections: cyber security education and training; cyber security culture; privacy; and cyber security management.