A study of information security awareness in Australian government organisations

Information Management and Computer Security

Volumn 22, Issue 4, 2014, Pages 334-345

  Parsons, Kathryn ^a   McCormac, Agata ^a   Pattinson, Malcolm ^b   Butavicius, Marcus ^a   Jerram, Cate ^b  

^a Electronic Warfare and Radar Division   (United Kingdom)

^b UNIVERSITY OF ADELAIDE   (Australia)

Author keywords

Information risk; Information security (InfoSec); InfoSec awareness; InfoSec behaviour; InfoSec vulnerabilities

Indexed keywords

HUMAN RESOURCE MANAGEMENT; RISK ASSESSMENT; SOCIAL SCIENCES COMPUTING; SURVEYS;

DESIGN/METHODOLOGY/APPROACH; HUMAN-BASED INFORMATION; INFORMATION RISK; INFORMATION SECURITY AWARENESS; INFOSEC AWARENESS; INFOSEC BEHAVIOUR; INFOSEC VULNERABILITIES; USE OF WIRELESS TECHNOLOGY;

SECURITY OF DATA;

EID: 84897915329     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/IMCS-10-2013-0078     Document Type: Article

References (19)

1. Bettinghaus, E.P. (1986), "Health promotion and the knowledge-attitude-behavior continuum", Preventive Medicine, Vol. 15 No. 5, pp. 475-491.
2. Brooke, S.L. (2006), "Using the case method to teach online classes: promoting Socratic dialogue and critical thinking skills", International Journal of Teaching and Learning in Higher Education, Vol. 18 No. 2, pp. 142-149.
3. Edwards, A.L. (1953), "The relationship between the judged desirability of a trait and the probability that the trait will be endorsed", Journal of Applied Psychology, Vol. 37 No. 2, pp. 90-93.
4. Fowler, F.J. (2002), Survey Research Methods, 3rd ed., Sage, Thousand Oaks, CA.
5. Howe, S.E. and Anda, B. (2005), "Experiences from conducting semi-structured interviews in empirical software engineering research", Software Metrics, 2005, 11th IEEE International Symposium, IEEE, Como, p. 10.
6. Karjalainen, M. (2011), "Improving employees' information systems (IS) security behaviour: toward a meta-theory of is security training and a new framework for understanding employees' is security behaviour", PhD, University of Oulu, Oulu.
7. Kruger, H. and Kearney, W. (2006), "A prototype for assessing information security awareness", Computers & Security, Vol. 25 No. 4, pp. 289-296.
8. Liginlal, D., Sim, I. and Khansa, L. (2009), "How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management", Computers & Security, Vol. 28 No. 3, pp. 215-228.
9. Parsons, K., McCormac, A., Butavicius, M. and Ferguson, L. (2010), Human Factors and Information Security: Individual, Culture and Security Environment, Defence Science and Technology Organisation, Edinburgh, SA.
10. Parsons, K., McCormac, A. and Butavicius, M. (2011), Don't Judge a (Face) Book by its Cover: A critical Review of The Implications of Social Networking Sites, Defence Science & Technology Organisation, Edinburgh, SA.
11. Pattinson, M.R. and Anderson, G. (2007), "How well are information risks being communicated to your computer end-users?", Information Management & Computer Security, Vol. 15 No. 5, pp. 362-371.
12. Schmitt, N. (1994), "Method bias: the importance of theory and measurement", Journal of Organizational Behavior, Vol. 15 No. 5, pp. 393-398.
13. Schneier, B. (2000), Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, Hoboken, NJ.
14. Schultz, E. (2005), "The human factor in security", Computers & Security, Vol. 24 No. 6, pp. 425-426.
15. Spector, P.E. (1994), "Using self-report questionnaires in OB research: a comment on the use of a controversial method", Journal of Organizational Behavior, Vol. 15, pp. 385-392.
16. Stanton, J.M., Stam, K.R., Mastrangelo, P. and Jolton, J. (2005), "Analysis of end user security behaviors", Computers & Security, Vol. 24 No. 2, pp. 124-133.
17. van der Linden, S. (2012), "Understanding and achieving behavioural change: towards a new model for communicating information about climate change", paper presented at the international workshop on psychological and behavioural approaches to understanding and governing sustainable tourism mobility, Freiburg.
18. Wilson, M. and Hash, J. (2003), Computer Security: Building an Information Technology Awareness and Training Program, NIST Security Publication, National Institute of Standards and Technology, Gaithersburg, MD, pp. 800-850.
19. Wood, C.C. and Banks, W.W. (1993), "Human error: an overlooked but significant information security problem", Computers & Security, Vol. 12 No. 1, pp. 51-60.