Improving Organisational Information Security Management: The Impact of Training and Awareness

Abstract

Security breaches that affect personal data and organisational systems have become increasingly significant in the global technology (IT) industry. There is scope for research on the factors that influence user behaviour and attitudes toward this aspect of information security and their impact on organisation's network integrity. This research aims to study the critical success factors (CSF) for employees in order to comply with the organisational information security policy with a view to mitigating security breaches. Information security can be managed through three separate mechanisms: organisational factors, behavioural factors and training. Each of these elements impact differently on information security and comprehensive solutions include combinations of all three. The findings provide empirically evaluated information regarding the obstacles and the effective factors in employees' compliance with the implementation of the information security policy. The identified categories of factors are followed differently by employees working in Health, Business and Education. Questionnaire analysis as part of this study suggests that employees in the health sector comply the most in adhering with information security policy as compared to other sectors. One of the reasons for this is that health sector employees have better awareness, robust communication and effective training programmes with reinforcement and satisfaction. Moreover, employees in the health sector believe in the norms of security policies and have a positive attitude, as they recognise the significance of security policies, unlike the business and education sectors.