Establishing a Personalized Information Security Culture

Establishing a Personalized Information Security Culture

Shuhaili Talib (University of Plymouth, UK & International Islamic University, Malaysia), Nathan L. Clarke (University of Plymouth, UK & Edith Cowan University, Australia) and Steven M. Furnell (University of Plymouth, UK & Edith Cowan University, Australia)
DOI: 10.4018/978-1-4666-2163-3.ch004
OnDemand PDF Download:
No Current Special Offers


Good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect one’s self is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations. Given people’s use of technology is primarily focused between the workplace and home; this paper seeks to understand the knowledge and practice relationship between these environments. Through a developed survey, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. Results found that users were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that will develop an all-round individual security culture for users independent of the environment they are operating in.
Chapter Preview

Prior Work In Information Security Awareness Training

Information security awareness has been given an increasingly important focus within both academic and commercial communities. Organizations are gradually understanding the importance of their information assets and developing strategies to improve awareness throughout the company. Good corporate governance, regulation and legislation have also helped in raising the importance and relevance of good information security policies and practices (R. von Solms & von Solms, 2006). Within academia, focus by researchers has partially moved away from the technical issues towards understanding the end user and developing models and programs that organizations can utilize in developing better awareness (Dlamini, Eloff, & Eloff, 2009).

Complete Chapter List

Search this Book: