论文信息 - Information Security Awareness and Culture

Information Security Awareness and Culture

Users from diverse background and culture are incredibly joining the Internet. At the same time, Internet threats have become sophisticated. Users’ systems and Information must be kept protected from any kind of threats. However, the threat could be come from the user himself due to his practice with his system or information. Human factor is a crucial issue in the chain of the security and every part of the security chain must be strong because any weakness at any part will make the chain broken as a whole. Users must be aware of system threats and what practice must be adhered in order to keep the system and information protected. Therefore, measuring the awareness of end users from diverse backgrounds was one of the aims of this research. Another aim was to investigate if alerted users are practising their knowledge. In order to reach that, a questionnaire was designed and published online. The survey was opened for a month in duration and more than 200 persons contributed to the research and volunteer their answers. The main finding of this study is that users who had previously attended security course are more aware about information threats. Nevertheless, their practices with information are not differed from those who have no knowledge. Moreover, incompetent users are often unconscious of their needs. In addition, cultural factor is clearly present in the security practices especially in the confidential matters.

Saudi Arabia | Yasser Al-Shehri | S. Arabia | Y. Al-Shehri

[1] Steven Furnell,et al. Assessing the security perceptions of personal Internet users , 2007, Comput. Secur..

[2] R. Solms,et al. Cultivating an organizational information security culture , 2006 .

[3] S. Furnell. End-user security culture: A lesson that will never be learnt? , 2008 .

[4] Kai A. Olsen,et al. Computer and society , 1984, CSOC.

[5] Sebastiaan H. von Solms,et al. Information Security - The Third Wave? , 2000, Comput. Secur..

[6] Mikko T. Siponen,et al. A conceptual foundation for organizational information security awareness , 2000, Inf. Manag. Comput. Secur..

[7] Mikko T. Siponen,et al. Five dimensions of information security awareness , 2001, CSOC.

[8] Dieter Gollmann,et al. Computer Security , 1979, Lecture Notes in Computer Science.

[9] Q Tu,et al. INFORMATION MANAGEMENT AND COMPUTER SECURITY , 2001 .

[10] Hennie A. Kruger,et al. A prototype for assessing information security awareness , 2006, Comput. Secur..