Information Security Awareness Policy
Farooq et al. (2018) explain the need for information security awareness and identify the information security concerns among university students. The authors describe information security awareness as a defence against continuously growing information security threats, one that enables users to understand their roles and responsibilities in the information security process. To identify the various information security concerns, the authors surveyed 417 students of a Finnish university. From the survey, the authors concluded that most of the information security concerns are related to social networks, and service providers are at the highest level of concern. The authors suggest that educational institutes must implement and improve their current information security awareness programs in order to generate information security awareness among students, with the aim of overcoming and mitigating these information security issues.
B. Kim (2014) describes the importance of information security awareness programs for college students. The author surveyed college students to investigate the status of the information security awareness policy, with the purpose of establishing ISAT (Information Security Awareness Training). According to the author, most college students use information systems at their colleges or universities, and they should be fully aware of the information security policies their institutions follow. The author also notes that information security awareness is very significant for students because, without awareness of the information security policy, students are not able to understand the risks associated with the use of information systems. From the author's perspective, information system users can minimize the faults in security techniques or procedures and increase the efficiency of these techniques by increasing information security awareness. The author explains that the main objective of an information security awareness program is to increase the security of the information system in order to protect the information and systems. The author followed a questionnaire approach, conducted on 350 graduate and undergraduate students. The results of this survey clearly showed that most of the students are aware of information security policies and of the need for information security awareness training, which trains students on information security policies in order to provide awareness and teach them the required information security skills. The author also provides some recommendations for ISAT, along with various guidelines for colleges or universities that want to implement or improve information security awareness training for their students. In this way, the selected article completely illuminates my bibliography topic.
The journal article by Tsohou, Karyda & Kokolakis (2015) is about the role of cultural and cognitive biases in information security policies. The authors also explore the concept of the information security awareness (ISA) program, which makes individuals aware of information security policies, and provide some practical recommendations for such programs. The authors state that information security programs have become a main requirement of information security management in order to address regulatory compliance requirements and enable users to comply with information security policies (ISPs). They describe the information security awareness program as a group of activities that aims to generate awareness among users about security policies and security issues. The authors also address the various factors that affect information security policy compliance; information security awareness is one of those factors. Moreover, with the help of a conceptual framework, the article explores the biases and heuristics that affect information security behaviour and risk perceptions. According to the authors, these biases can be addressed by implementing a security awareness program. In this study, the main aim of the authors is to enable the design of an efficient ISA program that can help to foster the compliance of users with information security policies. The authors also identify the target participants of the ISA program, such as technical personnel, top management, contractors, vendors, employees, etc. According to the authors, ISA programs are very important for organizations because they help to make sure that employees and other stakeholders comply with the information security procedures and ISPs.
Tsohou et al. (2015) describe the role of information security awareness programs in organizations. To find out the various challenges of managing information security awareness programs, the authors conducted a literature survey of reputed journals. According to the literature survey, there are various challenges associated with information security awareness programs, such as the limited budget allocated to them, their limited functionality, the behaviour of individuals, etc. This study is based on interviews conducted with twelve participants, including the top manager, executive managers of various divisions, clerical top manager and directors of the organization. In order to study and manage the changes brought about in organisations by the implementation of information security awareness policies, the authors conducted action research and proposed an integrated theoretical framework that combines three different theories: structuration theory, actor-network theory (ANT) and the theory of contextualism. The authors state that this proposed framework can be used to study and manage the changes made by information security awareness programs at the technological, organizational and individual level. The selected article is completely relevant to my bibliography topic as it explains the concept of the information security program in organizations.
Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2015). Managing the introduction of information security awareness programmes in organisations. European Journal of Information Systems, 24(1), 38-58. doi: 10.1057/ejis.2013.27
Tsohou, A., Karyda, M., & Kokolakis, S. (2015). Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs. Computers & Security, 52, 128-141.
Kim, E. (2014). Recommendations for information security awareness training for college students. Information Management & Computer Security, 22(1), 115-126. doi: 10.1108/imcs-01-2013-0005
Farooq, A., Alifov, S., Virtanen, S., & Isoaho, J. (2018). Towards Comprehensive Information Security Awareness: A Systematic Classification of Concerns among University Students. HCI 2018. doi: 10.14236/ewic/hci2018.117