Organisational information security management: The impact of training and awareness. Evaluating the socio-technical impact on organisational information security policy management.

Abstract

Security breaches have attracted attention from corporations and scholars alike. The major organisations are determined to stop security breaches as they are detrimental to their success. Arguably the most common factor contributing to these breaches is employee behaviour, which suggests that changes in employee behaviour can have an impact on improving security. This research aims to study the critical factors (CFs) that impact on employee behaviours toward compliance with their organisation¿s information security policy. This investigation will focus on the various critical success factors based on their grouping into one of the following three major categories, namely: organisational factors, behavioural factors and training factors. Each of these categories affects a different aspect of information security and the objective is to not only understand the interaction of different factors but also to study further the aims in order to provide practical recommendations for improving organisational information security management. This study has utilised empirical research through the use of both qualitative and quantitative methodologies to inform each stage of the research. This study focused on the health, business and education sectors by empirically evaluating the obstacles and success factors that affect employee compliance to organisational security policies. In addition, this study also evaluated the affect of the socio-technical impact on organisational information security management. The final stage of the research focused on developing an effective training and awareness programme. This training programme was constructed by incorporating the techniques that were identified as enhancing employee perceptions, attitudes and motivations, in order to facilitate a better transference of skills and more sustainable and appropriate behaviours to improve organisational information security management in the workplace. The techniques utilised included: effective communication, knowledge reinforcement, pre- and post-assessment and motivational techniques.