Using penetration testing feedback to cultivate an atmosphere of proactive security amongst end-users

Purpose ‐ The purpose of this case study paper is to demonstrate that, no matter how complex computer security systems are, effort should be concentrated and focused on employees to improve their security awareness. Each employee needs to become a "Security Deputy" to the company's computer security staff and he or she needs to take some responsibility for preventing security breaches ‐ whether inside the workplace or not. It is easy to unwittingly spread a virus, or open security vulnerabilities, and such actions might damage a company's systems perhaps even more than malicious employees, through simple ignorance of security issues.

Design/methodology/approach ‐ A series of surveys and questionnaires were designed along with practical exercises and security awareness training sessions.

Findings ‐ Following their involvement in the exercises and awareness training, employees demonstrated improvement in security awareness. Users were made explicitly aware of the realities of IT security, with pertinent questions asked in order to force them to evaluate their own reactions to a situation which may escalate into a security incident.

Research limitations/implications ‐ The research was undertaken in a typical medium-large sized company within the energy business sector, but it is possible that results may be different in other sectors.

Practical implications ‐ It is clear that security technologies alone cannot prevent incidents and therefore employees need good quality security awareness training in order to protect the organisation.

Originality/value ‐ It is becoming increasingly important that employees are taken through a more rigorous security-awareness training programme, in order to protect business computer systems and to "protect them from themselves".

Keywords: Data security; Employee behaviour; Training

Document Type: Research Article

Publication date: 20 March 2009
