Measuring the Effectiveness of Information Security Awareness Program
Master thesis
Permanent lenke
http://hdl.handle.net/11250/143980Utgivelsesdato
2011Metadata
Vis full innførselSamlinger
Sammendrag
Many researchers and experts in the information security field stress that the user is the weakest
link in the chain when it comes to information security and security assets of an organization.
The human error is still the key concept that might threaten and seriously damage assets of the
organization. Consequently, the challenge for many (if not most) institutions and organizations
today, is to improve the information security awareness of the end user. Identifying the program
that best influences and improves the user’s knowledge, attitude, and behavior towards information
security, is yet highly important. In order to identify this program, a method for assessing
and measuring the effectiveness of information security awareness program is applied in this
study. In the previous literature many methods for assessing and measuring the information security
awareness are found,but there is not even one research found that shows effectiveness of
the awareness program. Therefore, in this thesis a case study, and an experiment is realized in
practice to examine, and represent the effectiveness of the information security awareness program.
In this study information security awareness training is realized. The level of awareness
among the participants in regard to information security is assessed and measured before and
after the awareness training. The purpose of this is to let the effectiveness of the awareness
training be highlighted, shown, and to find out to what extended it is effective. The methodology
used to accomplish this task is: the online surveys and the interviews.