Document Type

Conference Proceeding

Publisher

IEEE

Faculty

Computing, Health and Science

School

School of Computer & Security Science/Security Research Centre (secAU)

RAS ID

10318

Comments

This article was originally published as: Talib, S., Clarke, N. , & Furnell, S. (2010). An Analysis of Information Security Awareness within Home and Work Environments. Proceedings of International Conference on Availability, Reliability and Security (ARES). (pp. 196-203). . Krakow, Poland. IEEE. Original article available here

© 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Abstract

As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect yourself is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations, with a few national programs focused upon home users. Given people's use of technology is primarily focused upon those two areas: the workplace and home, this paper seeks to understand the knowledge and practice relationship between these environments. Through the survey that was developed, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. It was also found that user's were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that, whilst deployed in the organization, will develop an all-round individual security culture for users independent of the environment within which they are operating.

DOI

10.1109/ARES.2010.27

Access Rights

free_to_read

 
COinS
 

Link to publisher version (DOI)

10.1109/ARES.2010.27