Abstract
Information security awareness is a continuous effort to raise attention to information security and its importance, in order to stimulate security-oriented behaviors. Despite researchers' increasing interest in the topic and the repeated emphasis that global security surveys place on its significance, awareness remains a critical issue of information security. Related approaches propose techniques and methods for promoting security without theoretical grounding and separately from the overall information security management framework. The aim of this paper is to suggest a theoretical and methodological framework which facilitates the analysis and understanding of the issues that are intertwined with awareness activities, in order to support the organization’s security management.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tsohou, A., Karyda, M., Kokolakis, S., Kiountouzis, E. (2010). Analyzing Information Security Awareness through Networks of Association. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_20
DOI: https://doi.org/10.1007/978-3-642-15152-1_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15151-4
Online ISBN: 978-3-642-15152-1
eBook Packages: Computer Science, Computer Science (R0)