People are the answer to security: establishing a sustainable Information Security Awareness Training (ISAT) program in organization

Educating the users on the essential of information security is very vital and important to the mission of establishing a sustainable information security in any organization and institute. At the University Technology Malaysia (UTM), we have recognized the fact that, it is about time information se...

Full description

Saved in:
Bibliographic Details
Main Authors: Olusegun, Oyelami Julius, Ithnin, Norafida
Format: Article
Published: 2013
Subjects:
Online Access:http://eprints.utm.my/id/eprint/40980/
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Teknologi Malaysia
Description
Summary:Educating the users on the essential of information security is very vital and important to the mission of establishing a sustainable information security in any organization and institute. At the University Technology Malaysia (UTM), we have recognized the fact that, it is about time information security should no longer be a lacking factor in productivity, both information security and productivity must work together in closed proximity. We have recently implemented a broad campus information security awareness program to educate faculty member, staff, students and non-academic staff on this essential topic of information security. The program consists of training based on web, personal or individual training with a specific monthly topic, campus campaigns, guest speakers and direct presentations to specialized groups. The goal and the objective are to educate the users on the challenges that are specific to information security and to create total awareness that will change the perceptions of people thinking and ultimately their reactions when it comes to information security. In this paper, we explain how we created and implemented our information security awareness training (ISAT) program and discuss the impediment we encountered along the process. We explore different methods of deliveries such as target audiences, and probably the contents as we believe might be vital to a successful information security program. Finally, we discuss the importance and the flexibility of establishing a sustainable information security training program that could be adopted to meet current and future needs and demands while still relevant to our current users.