Information Security: Awareness and Training Program in the Middle East Universities
Keywords:Information Security, Awareness Program,
An effective Security Awareness and Training (SAT) program enables organizational members to understand the organizationâ€™s security strategies, know their responsibilities, and control risks that are caused by security incidents. Therefore, deploying a SAT program is one of the most important steps for any organization to assure that information assets are appropriately secured. The aim of this paper is into folds: first, to gain an insight and determine the information security awareness and training program levels in Middle Eastern higher education sector through a case study that examined 182 institute websites over eight countries. Second, to provide recommendations based on the findings that aid information security professionals to establish a new or improved existing awareness and training program. Literature showed that no study has been done on the SAT program at the level of the Middle Eastern region. However, there was a need to this investigation and therefore, it was a pioneering study at the region level in the field of information security.
â€¢ Androulidakis, I. & Kandus, G. What university students do (or donâ€™t) know about security in their mobile phones. Telfor Journal, vol. 3, no. 1, 2011.
â€¢ Androulidakis, I., & Papapetros, D. Survey findings towards awareness of mobile phonesâ€™ security issues. Proceedings of the 7th WSEAS International Conference on Data Networks, Communications, and Computers, 2008.
â€¢ Bere, A. Using mobile instant messaging to leverage learner participation and transform pedagogy at a South African University of Technology. British Journal of Educational Technology. Vol. 44, no.4, pp. 544â€“561, 2013.
â€¢ Chan, H. & Mubarak, S. Significance of Information Security Awareness in the Higher Education Sector. International Journal of Computer Applications, vol. 60, no. 10, pp. 887 â€“ 975, 2012.
â€¢ Defense Security Service (DSS). Retrieved February, 201, from http://www.cdse.edu/index.html, 2018.
â€¢ Eyadat, M. Information security SETA program status at Jordanian Universities. Journal of Information Privacy and Security, Volume 11, no 3, pp 174 â€“ 181. 2015.
â€¢ Eyadat, M., & Al Sharyoufi, R. Students awareness toward mobile wireless technologies security issues at college of computer science & computer engineering-Taibah University. The Journal of International Management Studies, vol. 14, no. 3, pp. 35-46, 2014.
â€¢ Fatani, H.A., Zamzami, I.F., Aydin, M., & Aliyu, M. Awareness toward wireless security policy: Case study of International Islamic University Malaysia. In the Proceeding of Information and Communication Technology for the Muslim World (ICT4M), 5th International Conference, pp.1 â€“ 5, 2013.
â€¢ Goel S. & Chengalur-Smith I. Metrics for characterizing the form of security policies. Journal Strategic Inf Syst, vol. 19, no. 4, pp281-295, 2010.
â€¢ Gurman, B. & Roback, E. National institute of standards and technology, an introduction to computer Security: The NIST SP800-12, 1995.
â€¢ Montesdioca, G. P. Z., and MaÃ§ada, A. C. G. Measuring user satisfaction with information security practices. Journal Computers and Security. Vol. 48, Issue, pp 267-280, 2015.
â€¢ Hjort, B. HIPAA Privacy and Security Training. AHiMA Body of Knowledge website, Retrieved April, 13, 2017 from http://library.ahima.org/xpedio/groups/secure/documents/ahima/bok1_022114.hcsp
â€¢ Katz, F. The effect of a university information security survey on instructing methods in information security. Proceeding on Information Security Curriculum Development, pp.43-48, 2005.
â€¢ Kim, E. B. Information security awareness status of full time employees. The Business Review, Cambridge, vol. 3, no.2, pp. 219-226, 2005.
â€¢ Kim, E. B. Recommendations for information security awareness training for college students. Information Management & Computer Security. Vol. 22, no.1, pp. 115-126, 2014.
â€¢ Kim, S.H., Mims, C., & Holmes, K.P. An introduction to current trends and benefits of mobile wireless technology use in higher education. AACE Journal, vol. 14, no. 1, pp. 77-100, 2006.
â€¢ Kritzinger, E. & Smith, E. Information security management: An information security retrieval and awareness model for industry. Computers & security, vol. 27, pp. 224â€“231, 2008.
â€¢ Kruger, H.A., Kearney W. D. A prototype for assessing information security awareness. Computers & Security, Vol. 25, Issue 4, pp 289-296, 2006.
â€¢ Marks, A., & Rezgu, Y. A comparative study of information security awareness in higher education based on the concept of design theorizing. In the proceeding of IEEE, pp 1-7, 2009.
â€¢ Nazareth, D. L., & Choi J. "A system dynamics model for information security management", Journal of Information & Management, Vol. 52 Issue 1, pp 123-134, 2015.
â€¢ SANS, Online security training. Retrieved May, 10, 2017, from http://www.sans.org/online-security-training/
â€¢ Shaw, R., Chen, C., Harris, A., & Huang, H., The impact of information richness on information security awareness training effectiveness. Computers & Educations, vol. 22, no. 1, PP. 92â€“100, 2009.
â€¢ Spears, J. & Barki, H., User participation in information systems security risk management, MIS Quarterly, vol. 34, no. 3, pp. 503-22, 2010.
â€¢ Traxler, J., Defining, discussing and evaluating mobile learning: The moving finger writes and having writ. International Review on Research in Open and Distance Learning, 8(2). Retrieved September, 30, 2017, from http://www.irrodl.org/index.php/irrodl/article/view/346/875
â€¢ Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E., Analyzing trajectories of information security awareness. Information Technology & People, vol. 25 No. 3, pp. 327-352, 2012.
â€¢ Veiga, A, & Martins N., Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, vol. 49, pp. 162-176, 2015
â€¢ Whitman, M. E. & Mattord, H. J., Making users mindful of IT security; awareness training is vital to keeping the idea of IT security uppermost in employeesâ€™ minds. Security Management, vol.48, no. 11, pp. 32-34, 2004,
â€¢ Whitman, M. E. & Mattord, H. J., Principles of information security (4th Ed.). Course Technology, Boston, USA, 2012.
â€¢ Whitman, M. E., & Mattord, H.J., Management of information security (4th Ed.). Course Technology, Boston, USA, 2014.
â€¢ Wilson, M. & Hash, J., National institute of standards and technology, building an information technology security awareness and training program: The NIST SP800-50, 2005.
â€¢ Workplace Answers, Prevent Cyber Vulnerability: Online Training in Data Privacy and Security. Retrieved May, 10, 2018, from http://www.campusanswers.com/data-privacy-and-security/
â€¢ Wu, Y., Guynes, C., & John, W., Security awareness programs. Review of Business Information Systems â€“ Fourth Quarter, vol. 16, no. 4, 2012
â€¢ Yeo, A., Rahim, M. & Miri L., Understanding factors affecting success of information security risk assessment: the case of an Australian higher educational institution. In the Proceedings of the Pacific Asia Conference on Information Systems, Auckland, 2007.
How to Cite
- Papers must be submitted on the understanding that they have not been published elsewhere (except in the form of an abstract or as part of a published lecture, review, or thesis) and are not currently under consideration by another journal published by any other publisher.
- It is also the authors responsibility to ensure that the articles emanating from a particular source are submitted with the necessary approval.
- The authors warrant that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required.
- The authors ensure that all the references carefully and they are accurate in the text as well as in the list of references (and vice versa).
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Attribution-NonCommercial 4.0 International that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
- The journal/publisher is not responsible for subsequent uses of the work. It is the author's responsibility to bring an infringement action if so desired by the author.