Abstract
The article raises the problem of the content of employee awareness programs concerning the information security of their organization, treating that content as a key factor in the effectiveness of this activity. Based on the activity approach, it substantiates a system of factors that determine the content of the awareness program in a particular organization.
Ethics declarations
The author declares that she has no conflicts of interest.
Additional information
Translated by L. Solovyova
About this article
Cite this article
Astakhova, L.V. Information Security Awareness Program for Employees of the Organization: The Activity Approach. Sci. Tech. Inf. Proc. 49, 174–179 (2022). https://doi.org/10.3103/S0147688222030066
DOI: https://doi.org/10.3103/S0147688222030066