Information security awareness in higher education: An exploratory study

Computers and Security

Volumn 27, Issue 7-8, 2008, Pages 241-253

  Rezgui, Yacine ^a   Marks, Adam ^a  

^a School of Engineering   (United Kingdom)

Author keywords

Awareness; Conscientiousness; Higher Education; Human Factors; Information Security; UAE

Indexed keywords

HUMAN ENGINEERING;

AWARENESS; CONSCIENTIOUSNESS; HIGHER EDUCATION; HUMAN FACTORS; INFORMATION SECURITY; UAE;

INFORMATION SYSTEMS;

EID: 55849105212     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2008.07.008     Document Type: Article

References (69)

1. Backhouse J., and Dhillon G. Structures of responsibility and security of information systems. European Journal of Information Systems 5 1 (1996) 2-9
2. Banerjee D., Cronan T.P., and Jones T.W. Modeling IT ethics: a study in situational ethics. MIS Quarterly 22 1 (1998) 31-60
3. Barman S. Writing IS security policies (2002), New Riders Publishing, Indianapolis
4. Bannon L.J. From human factors to human actors: the role of psychology and human-computer interaction studies in system design. In: Greenbaum J., and Kyng M. (Eds). Design at work: cooperative design of computer systems (1991), Erlbaum, Hillsdale 25-44
5. Barsanti C. Modern network complexity needs comprehensive security. Security 36 7 (1999) 65-68
6. Baskerville R. Risk analysis: an interpretive feasibility tool in justifying information systems security. European Journal of Information Systems 1 (1991) 121-130
7. Beatson J.G. Security - a personnel issue. The importance of personnel attitudes and security education. In: Dittrich K., Rautakivi S., and Saari J. (Eds). Computer security and information integrity (1991), Elsevier Science Publishers, Amsterdam 29-38
8. Bonoma T.V. Case research in marketing: opportunities, problems, and a process. Journal of Marketing Research 22 (1985) 199-208
9. Brancheau J.C., Janz B.D., and Wetherbe J.C. Key issues in information systems management: 1994-95 SIM Delphi results. MIS Quarterly 20 2 (1996) 225-242
10. BS7799. Code of practice for information security management (1999), British Standards Institute, UK
11. Cronan T.P., Foltz B., and Jones T.W. Piracy, computer crime, and IS misuse at the university. Communications of the ACM 49 6 (2006) 84-90
12. Czernowalow M. Lack of policy causes IT risks. Available from: ITWEB. [accessed 15.07.05]
13. Denning D.E. Information warfare and security (1999), ACM Press, USA
14. Denzin N.K., and Lincoln Y.S. The handbook of qualitative research. 2nd ed. (2000), SAGE Publishing, London
15. Dhillon G., and Backhouse J. Information system security management in the new millennium. Communications of the ACM 43 7 (2000) 125-128
16. Diaper D., and Sanger C. Tasks for and tasks in human-computer interaction. Interacting with Computers 18 2 (2006) 117-138
17. Dunlop C., and Kling R. Social relationships in electronic communities. Computerization and controversy: value conflicts and social choices (1991), Academic Press Professional, Inc., San Diego, CA
18. Flora C. Building social capital: the importance of entrepreneurial social infrastructure. Rural Development News 21 2 (1997) 1-3
19. Furnell S.M., Gaunt P.N., Holben R.F., Sanders P.W., Stockel C.T., and Warren M.J. Assessing staff attitudes towards information security in a European healthcare establishment. Medical Informatics 21 2 (1996) 105-112
20. Gaunt N. Installing an appropriate IS security policy in hospitals. International Journal of Medical Informatics 49 1 (1998) 131-134
21. Gaunt N. Practical approaches to creating a security culture. International Journal of Medical Informatics 60 2 (2000) 151-157
22. Goodhue D.L., and Straub D.W. Security concerns of system users: a study of perceptions of the adequacy of security. Information and Management 20 1 (1991) 13-27
23. Hansche S. Designing a security awareness program: part I. Information System Security 10 1 (2001) 14-22
24. Heinström J. Five personality dimensions and their influence on information behaviour. Information Research 9 1 (2003) 165
25. Höne K., and Eloff J.H.P. What makes an effective information security policy?. Network Security 6 (2002) 14-16
26. Information Systems Audit and Control Association. Information systems auditing manual (2006), ISACA
27. International Organization for Standardization. ISO/IEC 17799, information technology - code of practice for IS security management. 2nd ed. (2005), ISO
28. Kankanhalli A., Teo H.K., Tan B.C.Y., and Wei K.K. An integrative study of information systems security effectiveness. International Journal of Information Management 23 (2003) 139-154
29. Karat J., and Karat C.M. The evolution of user-centered focus in the human computer interaction field. IBM Systems Journal 42 4 (2003) 532-541
30. Katsikas S.K. Health care management and information system security: awareness, training or education?. International Journal of Medical Informatics 60 2 (2000) 129-135
31. Katz, FH. The effect of a university information security survey on instructing methods in information security. In: Proceedings of the second annual conference on information security curriculum development; 2005. p. 43-8.
32. Kerievsky B. Security and confidentiality in a university computer network. ACM SIGUCCS Newsletter Archive 6 3 (1976) 9-11 New York, NY: ACM
33. Kovacich G.L., and Halibozek E.P. The Manager's handbook for corporate security: establishing and managing a successful assets protection program (2003), Butterworth-Heinemann, USA
34. Kuutti K. Activity theory as a potential framework for human computer interaction research. Context and consciousness: activity theory and human computer interaction (1995), MIT Press, Cambridge
35. Lafleur L.M. Training as part of a security awareness program. Computer Control Quarterly 10 4 (1992) 4-11
36. Marklein M.B. The new learning curve: technological security. USA Today (2006). http://www.usatoday.com/tech/news/computersecurity/hacking/2006-08-01-co llege-security_x.htm [accessed 20.06.08]
37. Martins A, Eloff JHP. IS security Culture. Proceedings of IFIP TC-11 17th International Conference on IS security (SEC2002). 2002.
38. Marks A. Exploring universities' information systems security awareness in a changing higher education environment: a comparative case study research. PhD thesis, University of Salford; 2007.
39. Merriam S.B. Case study research in education. A qualitative approach (1988), Jossey-Bass, Inc., San Francisco p. 246
40. McDaniel G. IBM dictionary of computing (1994), McGraw-Hill, Inc, New York p. 1
41. Miles M.B., and Huberman A.M. Qualitative data analysis, an expanded source book (1994), Sage, Beverly Hills
42. Mitnick K.D. The art of deception: controlling the human element of security (2002), Wiley Publishing, USA
43. Murray B. Running corporate and national security awareness programs. In: Proceedings of the IFIP TC11 seventh international conference on IS security 1991; p. 203-7.
44. North MM, Roy G, North SM, Computer security ethics awareness in university environments: a challenge for management of information systems. In: Proceedings of the 44th annual southeast regional conference (ACMSE) 2006, Melbourne, Florida, March 10-12, p. 434-9.
45. Olnes J. Development of security policies. Computers and Security 13 8 (1994) 628-636
46. Parker D.B. Fighting computer crime: a new framework for protecting information (1998), John Wiley & Sons, USA
47. Parker D.B. Security motivation, the mother of all controls, must precede awareness. Computer Security Journal 15 4 (1999) 15-23
48. Pfleeger C.P., and Pfleeger S.L. Security in computing. 3rd ed. (2003), Prentice Hall
49. Piazza P. Security goes to school. Security Management 50 12 (2006) 46-51 Arlington
50. Puhakainen P, A design theory for information security awareness. PhD thesis, University of Oulu; 2006.
51. Rezgui Y. Exploring virtual team-working effectiveness in the construction sector. Interacting with Computers 19 (2007) 96-112
52. Ronald R. Ringing the alarm on campus computer security. Black Issues in Higher Education 18 20 (2001) 50-51
53. Ross S.T. Unix systems security tools (1999), The McGraw-Hill Companies p. 444. ISBN-10: 0079137881; ISBN-13: 978-0079137883
54. Schlienger T., and Teufel S. Information security culture - from analysis to change. South African Computer Journal 31 (2003) 46-52
55. Sims H.P., and Lorenzi P. The new leadership paradigm, social learning and cognition in organizations (1992), Sage Publications, Newbury Park
56. Siponen M.T. A conceptual foundation for organizational information security awareness. Information Management & Computer Security 8 1 (2000) 31-41
57. Siponen M.T. Five dimensions of information security awareness. Computers and Society 31 2 (2001) 24-29
58. Siponen M. Information security standards focus on the existence of process, not its content. Communications of the ACM 49 8 (2006) 97-100
59. Stake R.E. The art of case study research (1995), Sage, Thousand Oaks
60. Straub D.W. Effective IS security: an empirical study. Information Systems Research 1 3 (1990) 255-276
61. Straub D.W., and Nance W.D. Uncovering and disciplining computer abuse: organizational responses and options. Information Age, 0261-4103 10 3 (1988) 151-156
62. Straub D.W., and Welke R.J. Coping with systems risk: security planning models for management decision making. MIS Quarterly 22 4 (1998) 441-469
63. Tracy PD, Tracy MB, A conceptual framework of social capital and civil society: the re-emergence of John Dewey. In: Proceedings of the international research conference on social security, Helsinki; 2000, p. 2-15.
64. Thomson M.E., and von Solms R. IS security awareness: educating your users effectively. Information Management & Computer Security 6 4 (1998) 167-173
65. Turn R. Security and privacy requirements in computing. Proceedings of 1986 ACM fall joint computer conference (1986), IEEE Computer Press 1106-1114
66. Updegrove D., and Wishon G. Computers and network security in higher education. EDUCAUSE (2003)
67. Verton D. Disaster recovery planning still lags. Computer World 36 14 (2002) 10
68. Whitman M.E., and Mattord H.J. Principles of information security. 2nd ed. (2005), Thomson
69. Zayed University Web Site - home page. Available from:. www.zu.ac.ae [accessed 20.06.08]