Abstract: According to the scientific information management literature, the improper use of information technology (e.g. personal computers) by employees are one main cause for operational and information security loss events. Therefore, organizations implement information security awareness programs to increase employees’ awareness to further prevention of loss events. However, in many cases these information security awareness programs consist of conventional delivery methods like posters, leaflets, or internal messages to make employees aware of information security policies. We assume that a viral information security awareness video might be more effective medium than conventional methods commonly used by organizations. The purpose of this research is to develop a viral video artifact to improve employee security behavior concerning information technology.
Abstract: Numerous threats have been identified when using social networks. The question is whether young people are aware of these negative impacts of online and mobile technologies. Will they identify threats when needed? Will they know where to get help? Students and school children were part of a survey where their behavior and use of Facebook and an instant messaging application - MXit were studied. This paper presents some of the results. It can be concluded that awareness on security and privacy issues should be raised. The benefit of doing such a survey is that it may help to direct educational efforts from a young age. In this way children – with their parents – can strive towards more secure behavior. Educators can focus their lessons towards the areas that need attention resulting in safer cyber interaction and ultimately more responsible online use.
Abstract: Persuasive technology has been applied in marketing,
health, environmental conservation, safety and other domains and is
found to be quite effective in changing people-s attitude and
behaviours. This research extends the application domains of
persuasive technology to information security awareness and uses a
theory-driven approach to evaluate the effectiveness of a web-based
program developed based on the principles of persuasive technology
to improve the information security awareness of end users. The
findings confirm the existence of a very strong effect of the webbased
program in raising users- attitude towards information security
aware behavior. This finding is useful to the IT researchers and
practitioners in developing appropriate and effective education
strategies for improving the information security attitudes for endusers.
Abstract: The purpose of this paper is to analyze determinants of
information security affecting adoption of the Web-based integrated
information systems (IIS). We introduced Web-based information
systems which are designed to formulate strategic plans for Peruvian
government. Theoretical model is proposed to test impact of
organizational factors (deterrent efforts and severity; preventive
efforts) and individual factors (information security threat; security
awareness) on intentions to proactively use the Web-based IIS .Our
empirical study results highlight that deterrent efforts and deterrent
severity have no significant influence on the proactive use intentions
of IIS, whereas, preventive efforts play an important role in proactive
use intentions of IIS. Thus, we suggest that organizations need to do
preventive efforts by introducing various information security
solutions, and try to improve information security awareness while
reducing the perceived information security threats.
Abstract: Human-related information security breaches within organizations are primarily caused by employees who have not been made aware of the importance of protecting the information they work with. Information security awareness is accordingly attracting more attention from industry, because stakeholders are held accountable for the information with which they work. The authors developed an Information Security Retrieval and Awareness model – entitled “ISRA" – that is tailored specifically towards enhancing information security awareness in industry amongst all users of information, to address shortcomings in existing information security awareness models. This paper is principally aimed at expounding a prototype for the ISRA model to highlight the advantages of utilizing the model. The prototype will focus on the non-technical, humanrelated information security issues in industry. The prototype will ensure that all stakeholders in an organization are part of an information security awareness process, and that these stakeholders are able to retrieve specific information related to information security issues relevant to their job category, preventing them from being overburdened with redundant information.