A Model for Evaluating Information Security with a Focus on the User

This study presents a theoretical model for evaluating the level of information security in an organisational environment, with a focus on the knowledge, attitudes and behaviour of the end user. The model identifies the size and origin of the gap between the information security guidelines laid down by the company and the actual practices of its internal staff, third-party partners and suppliers. It is designed to assist in meeting the objectives and policies that senior management sets for information security management, and it contributes to maintaining an effective training programme and to raising awareness of information security.
