Effects on employees' information security abilities by e-learning

Information Management and Computer Security

Volumn 17, Issue 5, 2009, Pages 388-407

  Hagen, Janne Merete ^a   Albrechtsen, Eirik ^b  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

^b SINTEF TECHNOLOGY AND SOCIETY   (Norway)

Author keywords

Data security; E learning; Employees; Individual behaviour; Training

Indexed keywords

BEFORE AND AFTER; CONTROL GROUPS; DATA SECURITY; DESIGN/METHODOLOGY/APPROACH; E-LEARNING TOOL; FOLLOW-UP STUDIES; INDIVIDUAL BEHAVIOUR; INFORMATION SECURITY; INFORMATION SECURITY AWARENESS; LONG-TERM EFFECTS; TIME EFFECT;

E-LEARNING; NETWORK SECURITY; PERSONNEL;

PERSONNEL TRAINING;

EID: 76649144189     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220911006687     Document Type: Article

References (36)

1. Albrechtsen, E. (2007), "A qualitative study of users' view on information security", Computers & Security, Vol.26 No.4, pp. 276-289
2. Albrechtsen, E. (2008), "Friend or foe? Information security management of employees", Thesis No. 2008:101, Norwegian University of Science and Technology, Trondheim.
3. Albrechtsen, E. and Hagen, J. (2008), "Information security measures influencing user performance", in Martorell, S., Soares, C.G. and Barnett, J. (Eds), Proceedings of Safety, Reliability, and Risk Analysis: Theory, Methods, and Applications, CRC Press, London, pp. 2649-2656
4. Ayres, I. (2007), Super Crunches: How Thinking by Numbers is the New Way to be Smart, Bentam Books, New York, NY.
5. Braverman, H. (1974), Labor and Monopoly Capital: The Degradation of Work in the Twentieth Century, Monthly Review Press, New York, NY.
6. Brunsson, N. (1989), The Organization of Hypocrisy: Talk, Decisions, and Actions in Organizations, Wiley, Chichester.
7. Dhillon, G. and Backhouse, J. (2001), "Current directions in IS security research: towards socio-organizational perspectives", Information Systems Journal, Vol.11 No.2, pp. 127-153
8. ENISA (2007), Information Security Awareness Initiatives: Current Practice and the Measurement of Success, European Network and Information Security Agency, Heraklion.
9. Forsvarsdepartementet (1998), Lov om forebyggende sikkerhetstjeneste (Sikkerhetsloven). The Norwegian Security Act, Forsvarsdepartementet, Oslo.
10. Furnell, S. (2005), "Why users cannot use security", Computers &Security, Vol.24 No.4, pp. 274-279
11. Goldenhar, L.M. and Schulte, P.A. (1994), "Intervention research in occupational health and safety", Journal of Occupational Medicine, Vol.36 No.7, pp. 763-775
12. Hagen, J.M. (2009), "How do employees comply with security policy? A comparative case study of four organizations under the Norwegian Security Act", The Human Factor behind the Security Perimeter. Evaluating the Effectiveness of Organizational Information Security Measures and Employees' Contributions to Security, doctoral dissertation, The Faculty of Mathematics and Natural Sciences, University of Oslo, Oslo.
13. Hagen, J.M. and Spilling, P. (2009), "Do organizational security measures contribute to the detection and deterrence of IT-system abuses?", Proceedings of the 3rd International Conference on Human Aspects of Information Security and Assurance (HAISA 2009).
14. Hagen, J.M., Albrechtsen, E. and Hovden, J. (2008a), "Implementation and effectiveness of organizational information security measures", Information Management & Computer Security, Vol.16 No.4, pp. 377-397
15. Hagen, J.M., Kalberg-Sivertsen, T. and Rong, C. (2008b), "Protection against unauthorized access and computer crime in Norwegian enterprises", Journal of Computer Security, Vol.16, pp. 341-366
16. Hale, A.I. and Glendon, A.I. (1987), Individual Behavior in the Control of Danger, Elsevier, Amsterdam.
17. Hovden, J., Ingstad, O., Mostue, B.A., Rosness, R., Rundmo, T. and Tinnmansvik, R.K. (1992), Ulykkesforebyggende arbeid (Accident Prevention), Yrkeslitteratur, Oslo (in Norwegian).
18. Hubbard, W. (2002), "Methods and techniques of implementing a security awareness program", SANS Institute White Paper, SANS Institute, Bethesda, MD.
19. Iversen, H., Rundmo, T. and Klempe, H. (2005), "Risk attitudes and behavior among Norwegian adolescents: the effects of a behavior modification program and a traffic safety campaign", European Psychologist, Vol.10 No.1, pp. 25-38.
20. Klinke, A. and Renn, O. (2002), "A new approach to risk evaluation and management: risk-based, precaution-based, and discourse-based strategies", Risk Analysis, Vol.22 No.6, pp. 1071-1094
21. Kristensen, T.S. (2005), "Intervention studies in occupational epidemiology", Occupational and Environmental Medicine, Vol.62 No.3, pp. 205-210
22. Likert, R. (1932), "A technique for the measurement of attitudes", Archives of Psychology, Vol.140, pp. 1-55.
23. Lund, J. and Aarø, L.E. (2004), "Accident prevention: presentation of a model placing emphasis on human, structural, and cultural factors", Safety Science, Vol.42 No.4, pp. 271-324.
24. Olson, R., Verley, J., Santos, L. and Salas, C. (2004), "What we teach students about the Hawthorne studies: a review of content within a sample of introductory I-O and OB textbooks", The Industrial-organizational Psychologist, Vol.41 No.3.
25. Rasmussen, J. (1997), "Risk management in a dynamic society: a modeling problem", Safety Science, Vol.17 Nos 2/3, pp. 183-213.
26. Ringdal, K. (2001), Enhet og mangfold: samfunnsvitenskapelig forskning og kvantitativ metode (Unity and Diversity: Social Science and Quantitative Methods), Fagbokforlaget, Bergen (in Norwegian).
27. Robson, L.S., Shannon, H.S., Goldenhar, L.M. and Hale, A.R. (2001), "Guide to evaluating the effectiveness of strategies for preventing work injuries: how to show whether a safety intervention really works", NIOSH Publication No. 2001-2119, NIOSH, Cincinnati, OH.
28. Rundmo, T. (1990), Atferdsvitenskaplig sikkerhetsforskning (Safety Research on Behavior), SINTEF Report STF75A9007, SINTEF, Trondheim (in Norwegian).
29. Schneier, B. (2004), Secrets and Lies: Digital Security in a Networked World,Wiley, Indianapolis, IN.
30. Schultz, E. (2004), "Security training and awareness: fitting a square peg in a round hole", Computers & Security, Vol.23 No.1, pp. 1-2.
31. Schultz, E. (2005), "The human factor in security", Computers & Security, Vol.24 No.6, pp. 425-426
32. Thomson, K.-L. and von Solms, R. (2006), "Towards an information security competence maturity model", Computer Fraud & Security, No.5, pp. 11-15.
33. Voss, B.D. (2001), "The ultimate defense of depth: security awareness in your company", SANS Institute White Paper, SANS Institute, Bethesda, MD.
34. Wang, A.J.A. and Yestko, K. (2005), "Building reusable information security courseware", paper presented at the 2005 Information Security Curriculum Development Conference.
35. Ward, P. and Smith, C.L. (2002), "The development of access control policies for information technology systems", Computers & Security, Vol.21 No.4, pp. 365-371
36. Wiant, T.L. (2005), "Information security policy's impact on reporting security incidents", Computers & Security, Vol.24 No.6, pp. 448-459