• International Journal of Computer Science & Network Security
• /
• v.22 no.4
• /
• pp.299-309
• /
• 2022

Human factor represents a very challenging issue to organizations. Human factor is responsible for many cybersecurity incidents by noncompliance with the organization security policies. In this paper we conduct a comprehensive review of the literature to identify strategies to address human factor. Security awareness, training and education program is the main strategy to address human factor. Scholars have consistently argued that importance of security awareness to prevent incidents from human behavior.

• Asia pacific journal of information systems
• /
• v.18 no.4
• /
• pp.1-26
• /
• 2008

Rapid progress of information technology and widespread use of the personal computers have brought various conveniences in our life. But this also provoked a series of problems such as hacking, malicious programs, illegal exposure of personal information etc. Information security threats are becoming more and more serious due to enhanced connectivity of information systems. Nevertheless, users are not much aware of the severity of the problems. Using appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. The purpose of this research is to empirically analyze a research model which includes a series of factors influencing the effectiveness of passwords. The research model incorporates the concept of risk based on information systems risk analysis framework as the core element affecting the selection of passwords by users. The perceived risk is a main factor that influences user's attitude on password security, security awareness, and intention of security behavior. To validate the research model this study relied on questionnaire survey targeted on evening class MBA students. The data was analyzed by AMOS 7.0 which is one of popular tools based on covariance-based structural equation modeling. According to the results of this study, while threat is not related to the risk, information assets and vulnerability are related to the user's awareness of risk. The relationships between the risk, users security awareness, password selection and security effectiveness are all significant. Password exposure may lead to intrusion by hackers, data exposure and destruction. The insignificant relationship between security threat and perceived risk can be explained by user's indetermination of risk exposed due to weak passwords. In other words, information systems users do not consider password exposure as a severe security threat as well as indirect loss caused by inappropriate password. Another plausible explanation is that severity of threat perceived by users may be influenced by individual difference of risk propensity. This study confirms that security vulnerability is positively related to security risk which in turn increases risk of information loss. As the security risk increases so does user's security awareness. Security policies also have positive impact on security awareness. Higher security awareness leads to selection of safer passwords. If users are aware of responsibility of security problems and how to respond to password exposure and to solve security problems of computers, users choose better passwords. All these antecedents influence the effectiveness of passwords. Several implications can be derived from this study. First, this study empirically investigated the effect of user's security awareness on security effectiveness from a point of view based on good password selection practice. Second, information security risk analysis framework is used as a core element of the research model in this study. Risk analysis framework has been used very widely in practice, but very few studies incorporated the framework in the research model and empirically investigated. Third, the research model proposed in this study also focuses on impact of security awareness of information systems users on effectiveness of password from cognitive aspect of information systems users.

• Journal of Navigation and Port Research
• /
• v.36 no.3
• /
• pp.261-271
• /
• 2012

The purpose of the present study is to empirically examine factors that affect the information security awareness and perceived information security risk of employees of port companies. In particular, in order to identify factors that affect the perceived information security risks, we investigated the relation of assets, threats, and vulnerabilities to it, using the risk analysis methodology. With A total of 252 valid questionnaires, we also performed the structural equation modeling analysis using AMOS. It was found that first, there was no meaningful relationship between the information assets and the perceived information security risk in the case of employees of port companies. Second, threats and vulnerabilities turned out to have positive influences on the perceived information security risk. Finally, there was a positive relationship not only between the information security awareness and the information security education, but also between the information security awareness and the intention of information security. However, there was no meaningful relationship between the information security concern and the information security awareness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.91-108
• /
• 2010

Universities are one of leading R&D institutes, however, their scarce security investment allows research information to leak outside. This paper proposes methods for improving security level of academic institutes to protect research information by analyzing security awareness and activities. To do that, we verified the current status of information security and awareness level by analyzing the survey which was conducted for a member of Seoul National University. As a result of statistical analysis using correlation, analysis of variance, multi regression and so on, we concluded that it is essential to improve security awareness, activities, professor's security level and management process for research labs. Thus, we suggest the following methods, security awareness and knowledge development through education, security management for research labs through provision, introduction of data protection softwares and physical control of visitors which are to be adopted to improve security level.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.147-158
• /
• 2016

The purpose of this study was to investigate the influence of watching 'Real Man' program on university student s' military image and security awareness. For the purpose of the study, 392 university students in Seoul, Chungcheong and Jeolla were selected. With the collected data, factorial analysis, t-test, frequency analysis, one-way analysis of variance, and multiple regression analysis were performed through SPSS 21.0. First, according to personal characteristic and watching degree, there were differences in military image and security awareness. There were significant differences in rationality, coherence, familiarity, violence, authority among sub factors of military image and in perspective about policy towards North Korea, persepectives about North Korea, military threats of North Korea, security will among sub factors of security awareness. Second, military image of university students who watched 'Real Man' had an influence on security awareness. Military image had an meaningful influence on perspective about North Korea, military threats of North Korea, security will among sub factors of security awareness.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.27-37
• /
• 2014

While organizations are making a considerable effort to leverage formal and informal control mechanisms (e.g., policies, procedures, organizational culture) to improve security, their impact and effectiveness is under scrutiny as employees seldom comply with information security procedures. The best way to ensure the viability of a security policy is to make sure users understand it and accept necessary precautions. From an organization's perspective, a lack of security knowledge and awareness on the part of employees is a major problem. However, previous studies suggest that effect of security awareness education is inconsistent. Thus, this study is to find the answer why security awareness education is not effective. Conclusions and implications are discussed.

• Journal of Korea Society of Industrial Information Systems
• /
• v.22 no.4
• /
• pp.45-64
• /
• 2017

The Purpose of this Study is to find out the Implications of the Information Security Activities of Financial Companies on the Confidence of the Information Security Officers and to find Academic and Practical Implications to Supplement the Insufficiencies. As a Result, it was Confirmed that the Information Security Officer's Confidence in Information Security for Companies and the Level of Information Security Awareness of the Employees are Increased when Financial Companies Conduct Information Protection Activities Focusing on Information Security Education, Security Incident Responses and In/Out Security.

• Journal of Navigation and Port Research
• /
• v.43 no.3
• /
• pp.179-185
• /
• 2019

Currently, despite having active movements related to port logistics security, there is lack of awareness, education, and security systems related to port technology. Before implementing port logistics security, a mutual authentication agreement should be reached through the establishment of an integrated network that can share port logistics security information in real time. In order to achieve port competitiveness and strengthen logistics service, establishment of national strategy for logistics security is necessary. However, there is an urgent need to raise the security consciousness among the port logistics organization members and enhance the information security ability which is a crucial feature of the port logistics organization. Therefore, the objective of this study is to analyze the factors affecting the information security capacity of port logistics organization members. Even though the analysis rejected the hypothesis that security regulations affect security awareness, the security activities and security awareness were significantly correlated. It also has a positive impact on the relationship between security norms and security abilities, and security awareness and security abilities.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.360-368
• /
• 2021

This study aims at knowing both the level of information security awareness in the use of social media among female secondary school students in Makkah Al-Mukarramah, and the procedures that students follow when exposed to hacking or other security problems. The study relied on the descriptive survey approach. The results showed a high percentage of social media use among the study sample, and the most used applications by the students are snapchat and Instagram applications successively. In fact, 48% of the study sample have awareness of information security, the majority of the students memorize the password in the devices, most of them do not change them, and they have knowledge of fake gates and social engineering. However, their knowledge of electronic hacking is weak, and students do not share passwords with anyone at a rate of 67%. At the same time, they do not update passwords. Moreover, most of the procedures followed by students when exposed to theft and hacking is to change the e-mail data and the password, and the results varied apart from that, which reflects the weak awareness of the students and the weakness of procedures related to information security. The study recommends the necessity to raise awareness and education of the importance of information security and safety, especially in light of what the world faces from data electronic attacks and hackings of electronic applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1197-1213
• /
• 2014

Due to the increase in size of the computer network, the network security systems such as a firewall, IDS, IPS generate much more vast amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnels' 'Network Security Situational Awareness(NSSA)' is effectively determining the security situation of overall computer network on the basis of the relation between the security events that occur in the several views. The process of situational awareness is divided into three stages of the 'identification,' 'understanding' and 'prediction'. And 'identification' and 'understanding' are prerequisites for 'predicting' and the following appropriate responses. But 'identification' and 'understanding' in the vast amount of information became more difficult. In this paper, we propose Honeycomb security situational awareness visualization system that is designed to help NSSA in large-scale networks by using visualization techniques known effective to the 'identification' and 'understanding' stages. And we identified the empirical effects of this system on the basis of the 'VAST Challenge 2012' data.