User awareness and effectiveness of IT security.

Information Technology transformed the way people executed their tasks at work. With the information security policy and security technology in place, it was assumed that an organization would be secured and less vulnerable to security attacks. However, humans were more often than not the weakest li...

Bibliographic Details
Main Author: Fu, YongZhang.
Other Authors: Jin Cheon Na
Format: Theses and Dissertations
Language: English
Published: 2011
Subjects:
Online Access: http://hdl.handle.net/10356/46429
Institution: Nanyang Technological University
id sg-ntu-dr.10356-46429
record_format dspace
spelling sg-ntu-dr.10356-464292019-12-10T12:58:17Z User awareness and effectiveness of IT security. Fu, YongZhang. Jin Cheon Na Wee Kim Wee School of Communication and Information DRNTU::Engineering::Computer science and engineering::Information systems Information Technology transformed the way people executed their tasks at work. With the information security policy and security technology in place, it was assumed that an organization would be secured and less vulnerable to security attacks. However, humans were more often than not the weakest link in the security defense line. Many organizations often overlooked the importance of monitoring employee’s behavior and setting their attitude and mindset right in dealing with security events. The research is to investigate user awareness and effectiveness of Information Technology security measures. The research target would be a Singapore-based Information Technology multi-national corporation. There are three research objectives. The first objective is to investigate the effectiveness of an organization information security policy with its employees. The second objective is to investigate the effectiveness of an organization security training and education program being offered to the employees. The last objective is to investigate the effectiveness of computer monitoring technology in an organization as a deterrent approach. The study data was collected using a survey questionnaire that was distributed to 100 personnel with 74% response rate from the same department of the organization. The study identifies four findings. Firstly, the use of security policies, security training and computer monitoring has an effect on perceived certainty of sanctions and perceived severity of sanctions. Secondly, human resource department of an organization is an important first line gateway to screen and assess the applicants’ moral values. 
Thirdly, Singapore’s government initiative to publish the computer misuse act and an organization information security policy are useful to create a deterrence effect on the employees. Lastly, punishment for any computer related crime proves to be useful in increasing awareness among employees. This research highlighted the importance of incorporating security policy, security training and security technologies as a three-layer approach to deter computer misuse intention. There was a relationship among policy readership, punishment and computer misuse intention. To enhance the defense against computer security incidents, organizations are encouraged to convince their employees to read and understand the organization information security policy and Singapore’s computer misuse act. I have identified one new finding which is that most of the engineers failed to understand the definition of phishing even though their work was highly related to computer usage. Security training is vital to update the employees with the latest security knowledge. Lastly, I have concluded that installing computer security technologies to monitor and keep track of employees’ behavior proved to be a well-spent investment to curb and deter future computer misuse intention. Master of Science (Information Studies) 2011-12-06T02:12:04Z 2011-12-06T02:12:04Z 2011 2011 Thesis http://hdl.handle.net/10356/46429 en Nanyang Technological University 108 p. application/pdf
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic DRNTU::Engineering::Computer science and engineering::Information systems
spellingShingle DRNTU::Engineering::Computer science and engineering::Information systems
Fu, YongZhang.
User awareness and effectiveness of IT security.
author2 Jin Cheon Na
author_facet Jin Cheon Na
Fu, YongZhang.
format Theses and Dissertations
author Fu, YongZhang.
author_sort Fu, YongZhang.
title User awareness and effectiveness of IT security.
title_short User awareness and effectiveness of IT security.
title_full User awareness and effectiveness of IT security.
title_fullStr User awareness and effectiveness of IT security.
title_full_unstemmed User awareness and effectiveness of IT security.
title_sort user awareness and effectiveness of it security.
publishDate 2011
url http://hdl.handle.net/10356/46429
_version_ 1681046901700427776