Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their activities and provide E-Services for their customers. In the process, whether they know it or not, those organizations are also opening themselves up to the risk of information security breaches. Therefore, protecting an organization's ICT infrastructure, IT systems, and data is a vital issue that is often underestimated. Research has shown that one of the most significant threats to information security comes not from external attack but rather from the system's users, because they are familiar with the infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only technological solutions to protect an organization's assets is not enough; there is a need to consider the human factor by raising users' security awareness. Our contribution to this problem is to propose an Information Security Awareness Program that aims at raising and maintaining the level of users' security awareness. This paper puts forward a general model for an information security awareness program and describes how it could be incorporated into an organization's website through the development life cycle process.
Keywords
Information Security Awareness Program, E-Business, Security Policy, Security Culture.