Using penetration testing feedback to cultivate an atmosphere of proactive security amongst end-users

$54.08 plus tax (Refund Policy)

Buy Article:

Abstract:

Purpose ‐ The purpose of this case study paper is to demonstrate that, no matter how complex computer security systems are, effort should be concentrated and focused on employees to improve their security awareness. Each employee needs to become a "Security Deputy" to the company's computer security staff and he or she needs to take some responsibility for preventing security breaches ‐ whether inside the workplace or not. It is easy to unwittingly spread a virus, or open security vulnerabilities, and such actions might damage a company's systems perhaps even more than malicious employees, through simple ignorance of security issues. Design/methodology/approach ‐ A series of surveys and questionnaires were designed along with practical exercises and security awareness training sessions. Findings ‐ Following their involvement in the exercises and awareness training, employees demonstrated improvement in security awareness. Users were made explicitly aware of the realities of IT security with pertinent questions asked in order to force them evaluate their own reactions to a situation which may escalate into a security incident. Research limitations/implications ‐ The research was undertaken in a typical medium-large sized company within the energy business sector, but it is possible that results may be different in other sectors. Practical implications ‐ It is clear that security technologies alone cannot prevent incidents and therefore employees need good quality security awareness training in order to protect the organisation. Originality/value ‐ It is becoming increasingly important that employees are taken through a more rigorous security-awareness training programme, in order to protect business computer systems and to "protect them from themselves".

Keywords: Data security; Employee behaviour; Training

Document Type: Research Article

DOI: http://dx.doi.org/10.1108/09685220910944759

Publication date: March 20, 2009

Related content

Share Content

Access Key

Free Content
Free content
New Content
New content
Open Access Content
Open access content
Subscribed Content
Subscribed content
Free Trial Content
Free trial content
Cookie Policy
X
Cookie Policy
ingentaconnect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more