Information Security Awareness Program for Employees of the Organization: The Activity Approach

Scientific and Technical Information Processing

Abstract

The article raises the problem of what an employee awareness program on the information security of their organization should contain, treating this content as a key factor influencing the effectiveness of awareness-raising. Based on the activity approach, a system of factors that determine the content of the awareness program in a particular organization is substantiated.

Author information

Corresponding author

Correspondence to L. V. Astakhova.

Ethics declarations

The author declares that she has no conflicts of interest.

Additional information

Translated by L. Solovyova

About this article

Cite this article

Astakhova, L.V. Information Security Awareness Program for Employees of the Organization: The Activity Approach. Sci. Tech. Inf. Proc. 49, 174–179 (2022). https://doi.org/10.3103/S0147688222030066

  • DOI: https://doi.org/10.3103/S0147688222030066
