文章基本信息

标题：An Effective Method for Information Security Awareness Raising Initiatives
本地全文：下载
作者：AliMaqousi ; TatianaBalikhina ; Michael Mackay 等
期刊名称：International Journal of Computer Science & Information Technology (IJCSIT)
印刷版ISSN：0975-4660
电子版ISSN：0975-3826
出版年度：2013
卷号：5
期号：2
页码：63
出版社：Academy & Industry Research Collaboration Center (AIRCC)
摘要：Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct theiractivities and provide E-Services for their customers. In the process, whether they know it or not, thoseorganizations are also opening themselves up to the risk of information security breaches. Thereforeprotecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is oftenunderestimated. Research has shown that one of the most significant threats to information security comesnot from external attack but rather from the system's users, because they are familiar with theinfrastructure and have access to its resources, but may be unaware of the risks. Moreover, using onlytechnological solutions to protect an organization’s assets is not enough; there is a need to consider thehuman factor by raising users’ security awareness. Our contribution to this problem is to propose anInformation Security Awareness Program that aims at raising and maintaining the level of users’ securityawareness. This paper puts forward a general model for an information security awareness program anddescribes how it could be incorporated into an organization’s website through the process of developmentlife cycle.
关键词：Information security awareness program; E-business; Security Policy; Security Culture