Abstract

One of the factors that contributes to unauthorized parties releasing confidential company information, including employee personal information, is employees' lack of information security awareness. This is a critical concern that needs to be addressed immediately by strengthening the company's information security culture and raising employee awareness of security. To enhance the clarity and emphasis of the reform policy, it is crucial to evaluate employee awareness of information security. This paper discusses several approaches that have been employed, either as models or frameworks, to evaluate an organization's level of information security awareness. With the aid of inclusion and exclusion criteria, we chose 16 papers out of the 842 that were included in the systematic literature review. Three components are commonly used to assess information security awareness: knowledge (what is already known), attitude (what is thought to be appropriate to do), and habit (what is usually done). Measurements that encompass these three aspects employ the Knowledge, Attitude, and Behavior (KAB) paradigm. This study might be a reference for organizations to measure their employees' security awareness. Several findings are also discussed in this paper.
