Information Security: Awareness and Training Program in the Middle East Universities

Mohammad Eyadat

Abstract


An effective Security Awareness and Training (SAT) program enables organizational members to understand the organization’s security strategies, know their responsibilities, and control risks that are caused by security incidents. Therefore, deploying a SAT program is one of the most important steps for any organization to assure that information assets are appropriately secured. The aim of this paper is into folds: first, to gain an insight and determine the information security awareness and training program levels in Middle Eastern higher education sector through a case study that examined 182 institute websites over eight countries. Second, to provide recommendations based on the findings that aid information security professionals to establish a new or improved existing awareness and training program. Literature showed that no study has been done on the SAT program at the level of the Middle Eastern region. However, there was a need to this investigation and therefore, it was a pioneering study at the region level in the field of information security.


Keywords


Information Security, Awareness Program,

Full Text:

PDF

References


• Androulidakis, I. & Kandus, G. What university students do (or don’t) know about security in their mobile phones. Telfor Journal, vol. 3, no. 1, 2011.

• Androulidakis, I., & Papapetros, D. Survey findings towards awareness of mobile phones’ security issues. Proceedings of the 7th WSEAS International Conference on Data Networks, Communications, and Computers, 2008.

• Bere, A. Using mobile instant messaging to leverage learner participation and transform pedagogy at a South African University of Technology. British Journal of Educational Technology. Vol. 44, no.4, pp. 544–561, 2013.

• Chan, H. & Mubarak, S. Significance of Information Security Awareness in the Higher Education Sector. International Journal of Computer Applications, vol. 60, no. 10, pp. 887 – 975, 2012.

• Defense Security Service (DSS). Retrieved February, 201, from http://www.cdse.edu/index.html, 2018.

• Eyadat, M. Information security SETA program status at Jordanian Universities. Journal of Information Privacy and Security, Volume 11, no 3, pp 174 – 181. 2015.

• Eyadat, M., & Al Sharyoufi, R. Students awareness toward mobile wireless technologies security issues at college of computer science & computer engineering-Taibah University. The Journal of International Management Studies, vol. 14, no. 3, pp. 35-46, 2014.

• Fatani, H.A., Zamzami, I.F., Aydin, M., & Aliyu, M. Awareness toward wireless security policy: Case study of International Islamic University Malaysia. In the Proceeding of Information and Communication Technology for the Muslim World (ICT4M), 5th International Conference, pp.1 – 5, 2013.

• Goel S. & Chengalur-Smith I. Metrics for characterizing the form of security policies. Journal Strategic Inf Syst, vol. 19, no. 4, pp281-295, 2010.

• Gurman, B. & Roback, E. National institute of standards and technology, an introduction to computer Security: The NIST SP800-12, 1995.

• Montesdioca, G. P. Z., and Maçada, A. C. G. Measuring user satisfaction with information security practices. Journal Computers and Security. Vol. 48, Issue, pp 267-280, 2015.

• Hjort, B. HIPAA Privacy and Security Training. AHiMA Body of Knowledge website, Retrieved April, 13, 2017 from http://library.ahima.org/xpedio/groups/secure/documents/ahima/bok1_022114.hcsp

• Katz, F. The effect of a university information security survey on instructing methods in information security. Proceeding on Information Security Curriculum Development, pp.43-48, 2005.

• Kim, E. B. Information security awareness status of full time employees. The Business Review, Cambridge, vol. 3, no.2, pp. 219-226, 2005.

• Kim, E. B. Recommendations for information security awareness training for college students. Information Management & Computer Security. Vol. 22, no.1, pp. 115-126, 2014.

• Kim, S.H., Mims, C., & Holmes, K.P. An introduction to current trends and benefits of mobile wireless technology use in higher education. AACE Journal, vol. 14, no. 1, pp. 77-100, 2006.

• Kritzinger, E. & Smith, E. Information security management: An information security retrieval and awareness model for industry. Computers & security, vol. 27, pp. 224–231, 2008.

• Kruger, H.A., Kearney W. D. A prototype for assessing information security awareness. Computers & Security, Vol. 25, Issue 4, pp 289-296, 2006.

• Marks, A., & Rezgu, Y. A comparative study of information security awareness in higher education based on the concept of design theorizing. In the proceeding of IEEE, pp 1-7, 2009.

• Nazareth, D. L., & Choi J. "A system dynamics model for information security management", Journal of Information & Management, Vol. 52 Issue 1, pp 123-134, 2015.

• SANS, Online security training. Retrieved May, 10, 2017, from http://www.sans.org/online-security-training/

• Shaw, R., Chen, C., Harris, A., & Huang, H., The impact of information richness on information security awareness training effectiveness. Computers & Educations, vol. 22, no. 1, PP. 92–100, 2009.

• Spears, J. & Barki, H., User participation in information systems security risk management, MIS Quarterly, vol. 34, no. 3, pp. 503-22, 2010.

• Traxler, J., Defining, discussing and evaluating mobile learning: The moving finger writes and having writ. International Review on Research in Open and Distance Learning, 8(2). Retrieved September, 30, 2017, from http://www.irrodl.org/index.php/irrodl/article/view/346/875

• Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E., Analyzing trajectories of information security awareness. Information Technology & People, vol. 25 No. 3, pp. 327-352, 2012.

• Veiga, A, & Martins N., Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, vol. 49, pp. 162-176, 2015

• Whitman, M. E. & Mattord, H. J., Making users mindful of IT security; awareness training is vital to keeping the idea of IT security uppermost in employees’ minds. Security Management, vol.48, no. 11, pp. 32-34, 2004,

• Whitman, M. E. & Mattord, H. J., Principles of information security (4th Ed.). Course Technology, Boston, USA, 2012.

• Whitman, M. E., & Mattord, H.J., Management of information security (4th Ed.). Course Technology, Boston, USA, 2014.

• Wilson, M. & Hash, J., National institute of standards and technology, building an information technology security awareness and training program: The NIST SP800-50, 2005.

• Workplace Answers, Prevent Cyber Vulnerability: Online Training in Data Privacy and Security. Retrieved May, 10, 2018, from http://www.campusanswers.com/data-privacy-and-security/

• Wu, Y., Guynes, C., & John, W., Security awareness programs. Review of Business Information Systems – Fourth Quarter, vol. 16, no. 4, 2012

• Yeo, A., Rahim, M. & Miri L., Understanding factors affecting success of information security risk assessment: the case of an Australian higher educational institution. In the Proceedings of the Pacific Asia Conference on Information Systems, Auckland, 2007.




DOI (PDF): https://doi.org/10.24203/ajcis.v6i5.5483.g2834

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.