Search results

The purpose of this paper is to investigate the association of lack of awareness and human factors and the association of lack of awareness and significant attacks that threat computer security in higher education.

Five human factors and nine attacks are considered to investigate their relationship. A field research is conducted on Greek employees in higher education to identify the human factors that affect information security. The sample is consisted of 103 employees that use computers at work. Pearson correlation analysis between lack of awareness and nine (9) computer security risks is performed.

Examining the association of lack of awareness with these attacks that threat the security of computers, all nine factors of important attacks exert significant and positive effect, apart from phishing. Considering the relationship of lack of awareness to human factors, all five human factors used are significantly and positively correlated with lack of awareness. Moreover, all nine important attacks, apart from one, exert a significant and positive effect.

The paper extends understanding of the relationship of the human factors, the lack of awareness and information security. The study has focused on employees of the Technological Educational Institute (TEI) of Athens, namely, teachers, administrators and working post-graduate students.

The paper has used weighted factors based on data collection in higher education to calculate a global index for lack of awareness, as the result of the weighted aggregation of nine (9) risks, and extends the analysis performed in the literature to evaluate the effectiveness of security awareness in computer risk management.

Information security has become an essential entity for organizations across the globe to eliminate the possible risks in their organizations by conducting information security risk assessment (ISRA). However, the existence of numerous different types of risk assessment methods, standards, guidelines and specifications readily available causes the organizations to face the daunting tasks in determining the most suitable method that would augur well in meeting their needs. Therefore, to overcome this tedious process, this paper suggests collective information structure model for ISRA.

The proposed ISRA model was developed by deploying a questionnaire using close-ended questions administrated to a group of information security practitioners in Malaysia (N = 80). The purpose of the survey was to strengthen and add more relevant additional features to the existing framework, as it was developed based on secondary data.

Previous comparative and analyzed studies reveals that all the six types of ISRA methodologies have features of the same kind of information with a slight difference in form. Therefore, questionnaires were designed to insert additional features to the research framework. All the additional features chosen were based on high frequency of more than half percentage agreed responses from respondents. The analyses results inspire in generating a collective information structure model which more practical in the real environment of the workplace.

Generally, organizations need to make comparisons between methodologies and decide on the best due to the inexistence of agreed reference benchmark in ISRA methodologies. This tedious process leads to unwarranted time, money and energy consumption.

The collective information structure model for ISRA aims to assist organizations in getting a general view of ISRA flow and gathering information on the requirements to be met before risk assessment can be conducted successfully. This model can be conveniently used by organizations to complete all the required planning as well as to select the suitable methods to complete the ISRA.