Factors affecting the security awareness of end-users: A survey analysis within institutions of higher learning.

摘要

As the world becomes increasingly reliant on computer information systems, the challenge of protecting the information stored on them becomes increasingly more challenging. Research continues to emphasize the need for training end users of an organization to better understand their role in protecting information, or to become security aware. While the importance of such factors from the IT/IS department, and also from management, seems fairly straightforward, little research has actually determined the correlation between these two factors. In addition, other factors outside of the organization (such as prior training, governmental regulations, and bank newsletters) have not been discussed. Finally, factors inherent to the individual (including computer knowledge and desire to learn) also have not been discussed in security research, however they have been applied in other training models.; In this research, each of these factors were measured using a survey instrument designed to measure the extent of knowledge gained from each of these four factors, and correlate these values based on two measures. The first correlation measure was based on the participant's perception of security awareness, as measured through questions related to their understanding and participation in their organization's security mission. The second measure was based on the participant's actual performance on a security awareness assessment.; As a result of this research, it was found that there was a correlation between each of the four factors with the potential to influence the end user's perception of security awareness. However, no significant correlation was found between the four factors and the end user's performance on the security awareness assessment. Rather, the performance on the security awareness assessment was negatively correlated with the number of years the end user has been employed in their current position in the organization. This is direct opposite of the positive correlation between the number of years the end user has been employed and their perception of how they fit into the organization's information security mission.