A prototype for assessing information security awareness

Computers and Security

Volumn 25, Issue 4, 2006, Pages 289-296

  Kruger, H A ^a   Kearney, W D ^b  

^a NORTH WEST UNIVERSITY   (South Africa)

^b AngloGold Ashanti Limited Australia   (Australia)

Author keywords

Attitude; Behaviour; Information security awareness; Knowledge; Quantitative modelling

Indexed keywords

DATA MINING; INFORMATION ANALYSIS; RESEARCH AND DEVELOPMENT MANAGEMENT; RISK ASSESSMENT; SOFTWARE PROTOTYPING;

ATTITUDE; BEHAVIOR; INFORMATION SECURITY AWARENESS; KNOWLEDGE; QUANTITATIVE MODELING;

SECURITY OF DATA;

EID: 33746994612     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2006.02.008     Document Type: Article

References (24)

1. Belton V., and Stewart T.J. Multiple criteria decision analysis. An integrated approach (2002), Kluwer Academic Publishers, Dordrecht
2. CERT/CC. Date revised. CERT/CC statistics 1988-2004. Web: (2004). [accessed September 2004]
3. CSI. CSI/FBI computer crime and security survey (2004), Computer Security Institute
4. Feldman R.S. Understanding psychology. 5th ed. (1999), McGraw-Hill College, Boston, River Ridge, IL
5. Furnell S.M., Gennatou M., and Dowland P.S. A prototype tool for information security awareness and training. Logistics Information Management 15 5/6 (2002) 352-357
6. Hansche S. Designing a security awareness program: Part 1, information. Systems Security (January/February 2001) 14-22
7. ISF. Effective security awareness - workshop report. Information Security Forum; April 2002.
8. ISF. The standard of good practice for information security. Version 4.0. Information Security Forum; 2003.
9. ISO 17799. Information technology, code of practice for information security management (2000), International Standards Organisation, Geneva
10. Leach J. Improving user security behaviour. Computers and Security 22 8 (2003) 685-692
11. Martins A., and Eloff J.H.P. Measuring information security (2001). [accessed August 2004]
12. Michener H.A., and Delamater J.D. Social psychology. 3rd ed. (1994), Harcourt Brace College Publishers, Orlando, Florida
13. Pentasafe. Security awareness index report: the state of security awareness among organisations worldwide (2002), Pentasafe Security Technologies p. 55
14. Posthumus S., and Von Solms R. A framework for the governance of information security. Computers and Security 23 8 (2004) 638-646
15. Saaty T.L. The analytic hierarchy process (1980), McGraw-Hill
16. Schlienger T., and Teufel S. Information security culture - from analysis to change. South African Computer Journal 31 (2003) 46-52
17. Spurling P. Promoting security awareness and commitment. Information Management and Computer Security 3 2 (1995) 20-26
18. Stanton J.M., Stam K.R., Mastrangelo P., and Jolton J. Analysis of end user security behaviours. Computers and Security 24 2 (2005) 124-133
19. Taylor B.W. Introduction to management science. 7th ed. (2002), Prentice Hall
20. Teare G, Da Veiga A. Information security culture and awareness. Paper presented at the 2003 ISSA Conference, Sandton Convention Centre, South Africa; 9-11 July 2003.
21. Thompson M.E., and Von Solms R. Information security awareness: educating your users effectively. Information Management and Computer Security 6 4 (1998) 167-173
22. Vaida O.S., and Kumar S. Analytic hierarchy process: an overview of applications. European Journal of Operational Research 169 1 (2006) 1-29
23. Vargas L.G., and Dougherty J.J. The analytic hierarchy process and multicriterion decision making. American Journal of Mathematical and Management Sciences 19 1 (1982) 59-92
24. Von Solms R., and Von Solms B. From policies to culture. Computers and Security 23 4 (2004) 275-279