Thumbnail Image
Publication

Organisational information security management: The impact of training and awareness. Evaluating the socio-technical impact on organisational information security policy management.

Waly, Nesren Saleh
Publication Date
2013-11-15
End of Embargo
Supervisor
Tassabehji, Rana
Kamala, Mumtaz A.
Keywords
Information security, Human factors, Organisational factors, Training, Employee behaviour, Policy compliance
Rights
Creative Commons License
The University of Bradford theses are licenced under a Creative Commons Licence.
Peer-Reviewed
Open Access status
Accepted for publication
Institution
University of Bradford
Department
Department of Computing
Awarded
2013
Embargo end date
Collections
Theses
Show all metadata
Files
Thumbnail Image
NESREN SALEH WALY.pdf
Adobe PDF4.76 MB
Additional title
Abstract
Security breaches have attracted attention from corporations and scholars alike. The major organisations are determined to stop security breaches as they are detrimental to their success. Arguably the most common factor contributing to these breaches is employee behaviour, which suggests that changes in employee behaviour can have an impact on improving security. This research aims to study the critical factors (CFs) that impact on employee behaviours toward compliance with their organisation¿s information security policy. This investigation will focus on the various critical success factors based on their grouping into one of the following three major categories, namely: organisational factors, behavioural factors and training factors. Each of these categories affects a different aspect of information security and the objective is to not only understand the interaction of different factors but also to study further the aims in order to provide practical recommendations for improving organisational information security management. This study has utilised empirical research through the use of both qualitative and quantitative methodologies to inform each stage of the research. This study focused on the health, business and education sectors by empirically evaluating the obstacles and success factors that affect employee compliance to organisational security policies. In addition, this study also evaluated the affect of the socio-technical impact on organisational information security management. The final stage of the research focused on developing an effective training and awareness programme. This training programme was constructed by incorporating the techniques that were identified as enhancing employee perceptions, attitudes and motivations, in order to facilitate a better transference of skills and more sustainable and appropriate behaviours to improve organisational information security management in the workplace. The techniques utilised included: effective communication, knowledge reinforcement, pre- and post-assessment and motivational techniques.
URI
http://hdl.handle.net/10454/5666
Version
Citation
Link to publisher’s version
Link to published version
Link to Version of Record
Type
Thesis
Qualification name
PhD
Notes