A systematic review of approaches to assessing cybersecurity awareness

Kybernetes

Volumn 44, Issue 4, 2015, Pages 606-622

  Rahim, Noor Hayani Abd ^a,b   Hamid, Suraya ^a   Kiah, Laiha Mat ^a   Shamshirband, Shahaboddin ^a   Furnell, Steven ^c  

^a UNIVERSITY OF MALAYA   (Malaysia)

^b INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA   (Malaysia)

^c UNIVERSITY OF PLYMOUTH   (United Kingdom)

Author keywords

Adaptation; Cybernetics

Indexed keywords

EID: 84930789675     PISSN: 0368492X     EISSN: None     Source Type: Journal    
DOI: 10.1108/K-12-2014-0283     Document Type: Article

References (67)

1. Abawajy, J., Thatcher, K. and Kim, T. (2008), “Investigation of stakeholders commitment to information security awareness programs”, 2008 International Conference on Information Security and Assurance (ISA 2008), pp. 472-476.
2. Aimeur, E. and Schonfeld, D. (2011), “The ultimate invasion of privacy: identity theft”, 2011 Ninth Annual International Conference on Privacy, Security and Trust, pp. 24-31.
3. Albrechtsen, E. (2007), “A qualitative study of users’ view on information security”, Computers & Security, Vol. 26 No. 4, pp. 276-289.
4. Atkinson, S., Furnell, S. and Phippen, A. (2009), “Securing the next generation: enhancing e-safety awareness among young people”, Computer Fraud & Security, Vol. 2009 No. 7, pp. 13-19.
5. Bates, R. (2004), “A critical analysis of evaluation practice: the Kirkpatrick model and the principle of beneficence”, Evaluation and Program Planning, Vol. 27 No. 3, pp. 341-347.
6. Boyd, D. (2007), “Why youth (heart) social network sites: the role of networked publics in teenage social life”, MacArthur Foundation Series on Digital Learning – Youth, Identity, and Digital Media Volume, pp. 119-142.
7. Broadhurst, R. and Chang, L.Y. (2013), Cybercrime in Asia: Trends and Challenges, Handbook of Asian Criminology, Springer, New York, pp. 49-63.
8. Bulgurcu, B., Cavusoglu, H. and Benbasat, I. (2010), “Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness”, MIS Quarterly, Vol. 34 No. 3, pp. 523-548.
9. Caputo, D.D., Pfleeger, S.L., Freeman, J.D. and Johnson, M.E. (2014), “Going spear phishing: exploring embedded training and awareness”, IEEE Security & Privacy, Vol. 12 No. 1, pp. 28-38.
10. Charoen, D., Raman, M. and Olfman, L. (2007), “Improving end user behaviour in password utilization: an action research initiative”, Systemic Practice and Action Research, Vol. 21 No. 1, pp. 55-72.
11. Chen, C.C., Shaw, R.S. and Yang, S.C. (2006), “Mitigating information security risks by increasing user security awareness: a case study of an information security awareness system”, Information Technology, Learning and Performance Journal, Vol. 24 No. 1, pp. 1-15.
12. Choo, K.-K.R. (2011), “The cyber threat landscape: challenges and future research directions”, Computers & Security, Vol. 30 No. 8, pp. 719-731.
13. Cole, J.I., Suman, M., Schramm, P., Zhou, L. and Salvador, L. (2013), The Digital Future Project, Center for the Digital Future, Los Angeles, CA.
14. Cone, B.D., Irvine, C.E., Thompson, M.F. and Nguyen, T.D. (2007), “A video game for cyber security training and awareness”, Computers & Security, Vol. 26 No. 1, pp. 63-72.
15. Dlamini, M.T., Eloff, J.H.P. and Eloff, M.M. (2009), “Information security: the moving target”, Computers & Security, Vol. 28 Nos 3-4, pp. 189-198.
16. Drevin, L., Kruger, H.A. and Steyn, T. (2007), “Value-focused assessment of ICT security awareness in an academic environment”, Computers & Security, Vol. 26 No. 1, pp. 36-43.
17. Furman, S., Theofanos, M.F., Choong, Y.Y. and Stanton, B. (2012), “Basing cybersecurity training on user perceptions”, IEEE Security and Privacy, Vol. 10 No. 2, pp. 40-49.
18. Furnell, S. (2008), “End-user security culture: a lesson that will never be learnt ?”, Computer Fraud & Security, Vol. 2008 No. 40, pp. 6-9.
19. Furnell, S. (2010), “Jumping security hurdles”, Computer Fraud & Security, Vol. 2010 No. 6, pp. 10-14.
20. Furnell, S. and Thomson, K.-L. (2009), “From culture to disobedience: recognising the varying user acceptance of IT security”, Computer Fraud & Security, Vol. 2009 No. 2, pp. 5-10.
21. Furnell, S.M., Bryant, P. and Phippen, A. (2007), “Assessing the security perceptions of personal internet users”, Computers & Security, Vol. 26 No. 5, pp. 410-417.
22. Furnell, S., Tsaganidi, V. and Phippen, A. (2008), “Security beliefs and barriers for novice Internet users”, Computers & Security, Vol. 27 Nos 7-8, pp. 235-240.
23. Gross, J.B. and Rosson, M.B. (2007), “Looking for trouble”, Proceedings of the 2007 Symposium on Computer Human Interaction for the Management of Information Technology – CHIMIT’07, ACM Press, New York, NY, p. 10.
24. Hagen, J., Albrechtsen, E. and Ole Johnsen, S. (2010), “The long-term effects of information security e-learning on organizational learning”, Information Management & Computer Security, Vol. 19 No. 3, pp. 140-154.
25. ITU (2014), “The world in 2014: ICT facts and figures”, International Telecommunication Union, available at: www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2014-e.pdf (accessed 29 April 2015).
26. Johansson, A. and Götestam, K.G. (2004), “Internet addiction: characteristics of a questionnaire and prevalence in norwegian youth (12-18 years)”, Scandinavian Journal of Psychology, Vol. 45 No. 3, pp. 223-229.
27. Johnson, E.C. (2006), “Security awareness : switch to a better programme”, Network Security, February, Vol. 2006 No. 2, pp. 15-18.
28. Karjalainen, M. and Siponen, M. (2011), “Toward a new meta-theory for designing information systems (IS) security training approaches”, Journal of the Association for Information Systems, Vol. 12 No. 8, pp. 518-555.
29. Kim, E.B. (2013), “Recommendations for information security awareness training for college students”, Information Management & Computer Security, Vol. 22 No. 1, pp. 115-126.
30. Kitchenham, B. (2004), Procedures for Performing Systematic Reviews, Keele University, Keele.
31. Kritzinger, E. and von Solms, S.H. (2010), “Cyber security for home users: a new way of protection through awareness enforcement”, Computer & Security, Vol. 29 No. 8, pp. 840-847.
32. Kruger, H.A. and Kearney, W.D. (2006), “A prototype for assessing information security awareness”, Computers & Security, Vol. 25 No. 4, pp. 289-296.
33. Kruger, H., Drevin, L. and Steyn, T. (2010), “A vocabulary test to assess information security awareness”, Information Management & Computer Security, Vol. 18 No. 5, pp. 316-327.
34. Labuschagne, W.A., Veerasamy, N., Burke, I. and Eloff, M.M. (2011), “Design of cyber security awareness game utilizing a social media framework”, Information Security South Africa (ISSA), 15-17 August, Johannesburg, pp. 1-9.
35. Levy, Y. and Ellis, T.J. (2006), “A systems approach to conduct an effective literature review in support of information systems research”, Informing Science Journal, Vol. 9 No. 1, pp. 181-212.
36. Leiner, B.M., Cerf, V.G., Clark, D.D., Kahn, R.E., Kleinrock, L., Lynch, D.C., Postel, J., Roberts, L.G. and Wolff, S.S. (1997), “The past and future history of the internet”, Communication of the ACM Vol. 40 No. 2, pp. 102-108.
37. Livingstone, S., Bober, M. and Helsper, E. (2005), “Internet literacy among children and young people: findings from the UK children go online project” LSE Research Online, London, available at: http://eprints.lse.ac.uk/archive/00000397 (accessed 5 July 2014).
38. Loibl, T.R. (2005), “Identity theft, spyware and the law”, Proceedings of the 2nd Annual Conference on Information Security Curriculum Development, Kennesaw, GA, pp. 118-121.
39. Mani, D., Raymond Choo, K.K. and Mubarak, S. (2013), “Information security in the South Australian real estate industry: a study of 40 real estate organisations”, Information Management & Computer Security, Vol. 22 No. 1, pp. 24-41.
40. May, C. (2008), “Approaches to user education”, Network Security, Vol. 2008 No. 9, pp. 15-17.
41. Mertens, D.M. and Wilson, A.T. (2012), Program Evaluation Theory and Practice: A Comprehensive Guide, Guilford Press, New York.
42. Newman, G.R. and Mcnally, M.M. (2005), Identity Theft Literature Review, US Department of Justice, p. 114.
43. Newman, R.C. (2006), “Cybercrime, identity theft, and fraud: practicing safe internet – network security threats and vulnerabilities”, Proceedings of the 3rd Annual Conference on Information Security Curriculum Development – InfoSecCD ’06, 22-23 September, Kennesaw, GA.
44. O’Keeffe, G.S., Clarke-Pearson, K. and Council on Communications and Media (2011), “The impact of social media on children, adolescents, and families”, Pediatrics, Vol. 127 No. 4, pp. 800-804.
45. Pannah, E. (2010), Cybersecurity in Electronic Commerce: Effect of Safeguarding Personal Data on Identity Theft, University of Maryland, College Park, MD.
46. Parsons, K., McCormac, A., Pattinson, M., Butavicius, M. and Jerram, C. (2013), “A study of information security awareness in Australian government organisations”, Information Management & Computer Security, Vol. 22 No. 4, pp. 334-345.
47. Peltier, T.R. (2005), “Implementing an information security awareness program”, Information Systems Security, Vol. 14 No. 2, pp. 37-49.
48. Power, E.M. (2007), “Developing a culture of privacy: a case study”, IEEE Security & Privacy Magazine, Vol. 5 No. 6, pp. 58-60.
49. Rantos, K., Fysarakis, K. and Manifavas, C. (2012), “How effective is your security awareness program? An evaluation methodology”, Information Security Journal: A Global Perspective, Vol. 21 No. 6, pp. 328-345.
50. Rezgui, Y. and Marks, A. (2008), “Information security awareness in higher education: an exploratory study”, Computers & Security, Vol. 27 Nos 7-8, pp. 241-253.
51. Rossi, P.H., Lipsey, M.W. and Freeman, H.E. (2004), Evaluation: A Systematic Approach, Sage Publications Inc., San Francisco, CA.
52. Shaw, R.S., Chen, C.C., Harris, A.L. and Huang, H.-J. (2009), “The impact of information richness on information security awareness training effectiveness”, Computers & Education, Vol. 52 No. 1, pp. 92-100.
53. Siponen, M.T. (2000), “A conceptual foundation for organizational information security awareness”, Information Management & Computer Security, Vol. 8 No. 1, pp. 31-41.
54. Sithira, V. and Nguwi, Y. (2014), “A study on the adolescent online security issues”, International Journal of Multidisciplinary and Current Research, Vol. 2, May/June, pp. 596-601.
55. Slusky, L. and Partow-Navid, P. (2012), “Students information security practices and awareness”, Journal of Information Privacy and Security, Vol. 8 No. 4, pp. 3-26.
56. Talib, S., Clarke, N.L. and Furnell, S.M. (2010), “An analysis of information security awareness within home and work environments”, 2010 International Conference on Availability, Reliability and Security, pp. 196-203.
57. Tan, K.E., Ng, M.L. and Saw, K.G. (2010), “Online activities and writing practices of urban Malaysian adolescents”, System, Vol. 38 No. 4, pp. 548-559.
58. Thomson, M.E. and von Solms, R. (1998), “Information security awareness: educating your users effectively”, Information Management & Computer Security, Vol. 6 No. 4, pp. 167-173.
59. Tsohou, A., Kokolakis, S., Karyda, M. and Kiountouzis, E. (2008), “Investigating information security awareness: research and practice gaps”, Information Security Journal: A Global Perspective, Vol. 17 Nos 5-6, pp. 207-227.
60. Valentine, J.A. and Labs, I. (2006), “Enhancing the employee security awareness model”, Computer Fraud & Security, Vol. 2006 No. 6, pp. 17-19.
61. WenJie, W., Yufei, Y. and Archer, N. (2006), “A contextual framework for combating identity theft”, IEEE Security & Privacy Magazine, Vol. 4 No. 2, pp. 30-38.
62. Whitson, J. (2009), “Identity theft and the challenges of caring for your virtual self”, Interactions, Vol. 16 No. 2, p. 41.
63. Youn, S. (2005), “Teenagers’ perceptions of online privacy and coping behaviors: a risk – benefit appraisal approach”, Journal of Broadcasting & Electronic Media, Vol. 49 No. 1, pp. 86-110.
64. Ajzen, I. (1985), “From intentions to actions: a theory of planned behaviour”, in Kuhl, J. and Beckmann, J. (Eds), Action Control, Springer, Berlin Heidelberg, pp. 11-39.
65. Royse, D., Thyer, B.A., Padgett, D.K. and Logan, T.K. (2001), Program Evaluation an Introduction, Wadsworth Cengage Learning, Belmont, CA.
66. Stanton, J.M., Stam, K.R., Mastrangelo, P. and Jolton, J. (2005), “Analysis of end user security behaviors”, Computers & Security, Vol. 24 No. 2, pp. 124-133.
67. Yarbrough, D.B., Shulha, L.M., Hopson, R.K. and Caruthers, F.A. (2011), The Program Evaluation Standards: A Guide for Evalators and Evaluation Users, Sage Publications, San Francisco, CA.