Information security awareness in contemporary organizations – challenges and solutions

  • 1 “Alexandru Ioan Cuza” University, Iași, Romania

Abstract

Nowadays, we are witnessing a constant increase in cybersecurity-related threats and dangers. Major security solution providers around the world report new trends such as the monetization of attacks, their virulent propagation through social media channels, and the abusive collection of data through interconnected smart things with little concern for user privacy. In addition, the academic literature presents numerous real and proof-of-concept attacks and security problems that have a considerable impact in various domains. On the other hand, organizations usually ignore privacy and security concerns, and there is a very low level of awareness regarding these issues. The need for related training programmes and educational curricula in this area remains almost unanswered. In this context, the paper analyses the security measures that contemporary organizations apply to raise employees’ cybersecurity awareness and discusses their effectiveness, using a sample of 25 small and medium Romanian enterprises, with the intention of identifying current solutions and proposing viable future ones for raising awareness and inducing ethical behaviour among employees.
