Analyzing Information Security Awareness through Networks of Association

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6264)

Abstract

Information security awareness is a continuous effort to raise attention to information security and its importance, in order to stimulate security-oriented behaviors. Despite researchers' increasing interest in the topic and the repeated emphasis on its significance in global security surveys, awareness remains a critical issue of information security. Related approaches propose techniques and methods for promoting security without theoretical grounding and separately from the overall information security management framework. The aim of this paper is to suggest a theoretical and methodological framework which facilitates the analysis and understanding of the issues that are intertwined with awareness activities, in order to support the organization’s security management.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tsohou, A., Karyda, M., Kokolakis, S., Kiountouzis, E. (2010). Analyzing Information Security Awareness through Networks of Association. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_20

  • DOI: https://doi.org/10.1007/978-3-642-15152-1_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15151-4

  • Online ISBN: 978-3-642-15152-1

  • eBook Packages: Computer Science, Computer Science (R0)
