Enhancing Security Culture through User-Engagement: An Organisational Perspective

Enhancing Security Culture through User-Engagement: An Organisational Perspective

Said Jafari (Institute of Finance Management, Dar es Salaam, Tanzania)
DOI: 10.4018/IJICTRAME.2017010103


This paper presents the survey conducted to assess end-user engagement in building organisation's security. A total of forty-eight (48) responses were collected from fifteen (15) mid-sized business organisations and institutions in Tanzania. The results show that little has been done to facilitate end-user engagement in building secure organisation. Also, the survey showed that old security problem such as passwords sharing still exist. The findings from this paper can be used by security officers and implementers within organisation to build and maintain sustainable secure organisation.
Article Preview

2. Literature Analysis

2.1. What is Protected?

According to the ISO/IEC1 27002 directive of 2005 - Information Technology - Security techniques - Code of practice for information security management, information is an important organisational asset worth protecting. Furthermore, supporting processes, systems and networks are essential assets of the organisation. In the ever increasingly networked business environment, these assets need be protected from a wide range of threats to ensure business continuity and to maintain a competitive in business edge.

In a nutshell, all assets of an organisation (physical and non-physical) can be represented as information. Thus, protecting information assets is protecting the entire organisation from security threats. The Common Criteria, like ISO/IEC 27002, positions protection of organisation’s assets as the central focus of information security. Figure 1 illustrates this positioning and relationship of assets and asset owner with security threats, security protection (in Figure 1 is referred as countermeasures) and security risks.

Figure 1.

Security concepts and relationships (CC-1, 2009)

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 9: 2 Issues (2020): Forthcoming, Available for Pre-Order
Volume 8: 2 Issues (2019): 1 Released, 1 Forthcoming
Volume 7: 2 Issues (2018)
Volume 6: 2 Issues (2017)
Volume 5: 2 Issues (2016)
View Complete Journal Contents Listing