IIUM Repository

An analysis of information security awareness within home and work environments

Talib, Shuhaili and Clarke, Nathan L. and Furnell, Steven M. (2010) An analysis of information security awareness within home and work environments. In: 2010 International Conference on Availability, Reliability and Security, 15th-18th Feb. 2010, Krakow.

[img] PDF - Published Version
Restricted to Registered users only

Download (346kB) | Request a copy
[img]
Preview
PDF (SCOPUS) - Supplemental Material
Download (176kB) | Preview
[img]
Preview
PDF (WOS) - Supplemental Material
Download (234kB) | Preview

Abstract

As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect yourself is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations, with a few national programs focused upon home users. Given people's use of technology is primarily focused upon those two areas: the workplace and home, this paper seeks to understand the knowledge and practice relationship between these environments. Through the survey that was developed, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. It was also found that user's were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that, whilst deployed in the organization, will develop an all-round individual security culture for users independent of the environment within which they are operating.

Item Type: Conference or Workshop Item (Plenary Papers)
Additional Information: 4295/20378
Uncontrolled Keywords: Information security , information security awareness , security culture , security management
Subjects: Q Science > Q Science (General)
T Technology > T Technology (General) > T10.5 Communication of technical information
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): Kulliyyah of Information and Communication Technology
Kulliyyah of Information and Communication Technology
Depositing User: Mrs. Wan Salwati Wan Salleh
Date Deposited: 20 Feb 2012 11:52
Last Modified: 17 Oct 2019 17:07
URI: http://irep.iium.edu.my/id/eprint/20378

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year