Advertisement

Email Security Awareness — a Practical Assessment of Employee Behaviour

  • Hennie Kruger
  • Lynette Drevin
  • Tjaart Steyn
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 237)

Abstract

Email communication is growing as a main method for individuals and organizations to communicate. Sadly, this is also an emerging means of conducting crime in the cyber world, e.g. identity theft, virus attacks etc. The need for improving awareness to these threats amongst employees is evident in media reports. Information security is as much a people issue as a technology one. This paper presents a description and results of an email awareness experiment that was performed amongst staff from a South African university. It is shown how management can use these results to focus and improve ICT awareness.

Keywords

Email security identity theft security awareness employee behaviour 

References

  1. 1.
    Pipkin, D.L.: Information Security. Protecting the Global Enterprise. Prentice-Hall Inc., (Upper Saddle River, NJ, 2000)Google Scholar
  2. 2.
    Dark, M.J.: Security Education, Training and Awareness from a Human Performance Technology Point of View, In: Readings and Cases in Management of Information Security, Whitman, M.E., Mattord, H.J. (Thomson Course Technology, 2006), pp. 86–104.Google Scholar
  3. 3.
    Drevin, L., Kruger, H.A. & Steyn, T.: Value-focused assessment of ICT security awareness in an academic environment, In: IFIP International Federation for Information Processing, Volume 201, Security and Privacy in Dynamic Environments, eds. Fischer-Hubner, S., Ranneberg, K., Yngstrom, L., Lindskog, S. (Boston: Springer, 2006), pp. 448–453.Google Scholar
  4. 4.
    Dodge, R.C. & Ferguson, A.J.: Using Phishing for User Email Security Awareness, In: IFIP International Federation for Information Processing, Volume 201, Security and Privacy in Dynamic Environments, eds. Fischer-Hubner, S., Ranneberg, K., Yngstrom, L., Lindskog, S. (Boston: Springer, 2006), pp. 454–459.Google Scholar
  5. 5.
    Kruger, H.A., Drevin, L. & Steyn, T.: A framework for evaluating ICT security awareness, In: Proceedings of the 2006 ISSA Conference, Johannesburg, South Africa, 5–7 July 2006 (on CD, 2006).Google Scholar
  6. 6.
    Steyn, T., Kruger, H.A. & Drevin, L.: Identity theft — Empirical evidence from a Phishing exercise, In: Proceedings of the 2007 IFIP Conference, Sandton, South Africa, 14–16 May 2007 (Accepted, to be published, 2007).Google Scholar
  7. 7.
    Steyn, A.G.W., Smit, CF., Du Toit, S.H.C. & Strasheim, C: Moderne Statistiek vir die Praktyk. Sesde uitgawe. (JL van Schaik. Pretoria, 1998).Google Scholar
  8. 8.
    Wegner, T.: Applied Business Statistics. (Juta & Co, Ltd. Kenwyn, 1993).Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Hennie Kruger
    • 1
  • Lynette Drevin
    • 1
  • Tjaart Steyn
    • 1
  1. 1.Computer Science & Information SystemsNorth-West UniversitySouth Africa

Personalised recommendations