Talib, Shuhaili and Clarke, Nathan L. and Furnell, Steven M. (2010) An analysis of information security awareness within home and work environments. In: 2010 International Conference on Availability, Reliability and Security, 15th-18th Feb. 2010, Krakow.
PDF
- Published Version
Restricted to Registered users only Download (346kB) | Request a copy |
||
|
PDF (SCOPUS)
- Supplemental Material
Download (176kB) | Preview |
|
|
PDF (WOS)
- Supplemental Material
Download (234kB) | Preview |
Abstract
As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect yourself is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations, with a few national programs focused upon home users. Given people's use of technology is primarily focused upon those two areas: the workplace and home, this paper seeks to understand the knowledge and practice relationship between these environments. Through the survey that was developed, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. It was also found that user's were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that, whilst deployed in the organization, will develop an all-round individual security culture for users independent of the environment within which they are operating.
Item Type: | Conference or Workshop Item (Plenary Papers) |
---|---|
Additional Information: | 4295/20378 |
Uncontrolled Keywords: | Information security , information security awareness , security culture , security management |
Subjects: | Q Science > Q Science (General) T Technology > T Technology (General) > T10.5 Communication of technical information |
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): | Kulliyyah of Information and Communication Technology Kulliyyah of Information and Communication Technology |
Depositing User: | Ms Shuhaili Talib |
Date Deposited: | 20 Feb 2012 11:52 |
Last Modified: | 10 May 2020 21:51 |
URI: | http://irep.iium.edu.my/id/eprint/20378 |
Actions (login required)
View Item |