Open Access Open Access  Restricted Access Subscription Access

An Effective Method for Information Security Awareness Raising Initiatives


Affiliations
1 Petra University, Jordan
2 Liverpool John Moores University, United Kingdom
 

Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their activities and provide E-Services for their customers. In the process, whether they know it or not, those organizations are also opening themselves up to the risk of information security breaches. Therefore protecting an organization's ICT infrastructure, IT systems, and Data is a vital issue that is often underestimated. Research has shown that one of the most significant threats to information security comes not from external attack but rather from the system's users, because they are familiar with the infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only technological solutions to protect an organization's assets is not enough; there is a need to consider the human factor by raising users' security awareness. Our contribution to this problem is to propose an Information Security Awareness Program that aims at raising and maintaining the level of users' security awareness. This paper puts forward a general model for an information security awareness program and describes how it could be incorporated into an organization's website through the process of development life cycle.

Keywords

Information Security Awareness Program, E-Business, Security Policy, Security Culture.
User
Notifications
Font Size

Abstract Views: 324

PDF Views: 271




  • An Effective Method for Information Security Awareness Raising Initiatives

Abstract Views: 324  |  PDF Views: 271

Authors

Ali Maqousi
Petra University, Jordan
Tatiana Balikhina
Petra University, Jordan
Michael Mackay
Liverpool John Moores University, United Kingdom

Abstract


Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their activities and provide E-Services for their customers. In the process, whether they know it or not, those organizations are also opening themselves up to the risk of information security breaches. Therefore protecting an organization's ICT infrastructure, IT systems, and Data is a vital issue that is often underestimated. Research has shown that one of the most significant threats to information security comes not from external attack but rather from the system's users, because they are familiar with the infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only technological solutions to protect an organization's assets is not enough; there is a need to consider the human factor by raising users' security awareness. Our contribution to this problem is to propose an Information Security Awareness Program that aims at raising and maintaining the level of users' security awareness. This paper puts forward a general model for an information security awareness program and describes how it could be incorporated into an organization's website through the process of development life cycle.

Keywords


Information Security Awareness Program, E-Business, Security Policy, Security Culture.