Improving Organisational Information Security Management: The Impact of Training and Awareness

Waly, Nesren; Tassabehji, Rana; Kamala, Mumtaz

doi:10.1109/hpcc.2012.187

Cited by 17 publications

(21 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It reflects the individual's personal beliefs about his or her ability to comply with the ISP (Bulgurcu et al, 2010;Dinev et al, 2009;Herath andRao, 2009a, 2009b;Ifinedo, 2012;Johnston et al, 2010;Johnston and Warkentin, 2010;Pahnila et al, 2007aPahnila et al, , 2007bSiponen et al, 2007;2010;Warkentin et al, 2011). In contrast, controllability represents an individual's perception about available resources and opportunities to actually comply with ISP (Al-Omari et al, 2012a, 2012bHu and Dinev, 2007). Some authors used a combination of the two constructs to conceptualize PBC (Hu and Dinev, 2007;Zhanf et al, 2009).…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Information security awareness and behavior: a theory-based literature review

Lebek

Uffen

Neumann³

et al. 2014

Management Research Review

183

130

View full text Add to dashboard Cite

For AuthorsIf you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service information about how to choose which publication to write for and submission guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information. About Emerald www.emeraldinsight.comEmerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online products and additional customer resources and services.Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation. Design/methodology/approach -This paper presents the results of a literature review comprising 113 publications. The literature review was designed to identify applied theories and to understand the cognitive determinants in the research field. A meta-model that explains employees' IS security behavior is introduced by assembling the core constructs of the used theories. Findings -The paper identified 54 used theories, but four behavioral theories were primarily used: Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), Protection Motivation Theory (PMT) and Technology Acceptance Model (TAM). By synthesizing results of empirically tested research models, a survey of factors proven to have a significant influence on employees' security behavior is presented.Research limitations/implications -Some relevant publications might be missing within this literature review due to the selection of search terms and/or databases. However, by conduction a forward and a backward search, this paper has limited this error source to a minimum. Practical implications -This study presents an overview of determinants that have been proven to influence employees' behavioral intention. Based thereon, concrete training and awareness measures can be developed. This is valuable for practitioners in the process of designing Security Education, Training and Awareness (SETA) programs. Originality/value -This paper presents a comprehensive up-to-date overview of existing academic literature in the field of employees' security awareness and behavior research. Based on a developed meta-model, research gaps are identified and implications for future research are worked out.

show abstract

Section: Resultsmentioning

confidence: 99%

“…Technology acceptance model: In the security awareness context, the TAM determines the employees' intention to comply with ISP, which is influenced by perceived usefulness (PU) and perceived ease-of-use (PEOU) of information security measures (Al-Omari et al, 2012a, 2012b.…”

mentioning

confidence: 99%

Information security awareness and behavior: a theory-based literature review

Lebek

Uffen

Neumann³

et al. 2014

Management Research Review

183

130

View full text Add to dashboard Cite

show abstract

“…Other works that explored the theory of planned behaviour [21,22] suggested that training and awareness are the most significant factors that influence human behaviour and attitude towards information security. It was argued that attitude, perceived expectation and subjective norm are the incentive components of behavioural intention.…”

Section: Relevant Workmentioning

confidence: 99%

Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks

Fagade

Tryfonas

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…Even though the number of information security awareness training programs are growing progressively, there is inadequate evidence to verify their effectiveness and impact on daily activities in a work environment [21]. Literature [6] [13] has stated that some of the information security awareness training programs are not effective enough.…”

Section: Introductionmentioning

confidence: 99%

“…Literature [21] stated that it is essential to increase the effectiveness of information security awareness training programs by encouraging employees to make effort in transferring the skills learned to their daily job activities. It is important to understand and emphasize the factors that differentiate effective trainings from ineffective trainings.…”

Section: Introductionmentioning

confidence: 99%

Awareness Training Transfer and Information Security Content Development for Healthcare Industry

Ghazvini¹,

Shukur²

2016

ijacsa

View full text Add to dashboard Cite

Abstract-Electronic Health Record (EHR) becomes increasingly pervasive and the need to safeguard EHR becomes more vital for healthcare organizations. Human error is known as the biggest threat to information security in Electronic Health Systems that can be minimized through awareness training programs. There are various techniques available for awareness of information security. However, research is scant regarding effective information security awareness delivery methods. It is essential that effective awareness training delivery method is selected, designed, and executed to ensure the appropriate protection of organizational assets. This study adapts Holton's transfer of training model to develop a framework for effective information security awareness training program. The framework provides guidelines for organizations to select an effective delivery method based on the organizations' needs and success factor, and to create information security content from a selected healthcare's internal information security policy and related international standards. Organizations should make continual efforts to ensure that content of policy is effectively communicated to the employees.

show abstract

Improving Organisational Information Security Management: The Impact of Training and Awareness

Cited by 17 publications

References 22 publications

Information security awareness and behavior: a theory-based literature review

Information security awareness and behavior: a theory-based literature review

Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks

Awareness Training Transfer and Information Security Content Development for Healthcare Industry

Contact Info

Product

Resources

About