Enhancing employees information security awareness in private and public organisations: A systematic literature review
Computers & Security (IF 5.6), Pub Date: 2021-04-16, DOI: 10.1016/j.cose.2021.102267
Khando Khando, Shang Gao, Sirajul M. Islam, Ali Salman

Preserving the confidentiality, integrity and availability (CIA) of an organisation's sensitive information systems assets against attacks and threats is a challenge in this digital age. Organisations worldwide make huge investments in information security technological countermeasures. Nonetheless, organisations in many cases fail to protect their information assets as they rely mainly on technical solutions which are not contextually compatible and sufficient. As a matter of fact, a significant number of organisational information security incidents are due to the exploitation of human elements that directly and/or indirectly cause the majority of security incidents. Therefore, employees’ information security awareness (ISA) becomes one of the critical aspects of protection against undesirable information security behaviours. However, to date, there is limited synthesised knowledge about methods for enhancing ISA and integrated insights on factors affecting employees’ ISA levels. This study, therefore, provides a systematic review of the literature on ISA and puts forward a state-of-the-art collection of ISA methods and factors for enhancing employees’ ISA within both private and public sector organisations. The results indicate that various methods and factors are used to enhance employees’ ISA in organisations. Theoretical models and gamification are the methods widely used in both private and public organisations, whereas the constructivist approach and violation detections are some of the methods used only in private organisations. Furthermore, this study offers some insights into the latest trends in ISA content development methods and factors, and fosters good ISA practice by disseminating information and knowledge amongst Information Security professionals to help them build an overarching ISA development programme in their organisations.




Updated: 2021-04-30