SRI Security Research Institute, Edith Cowan University, Perth, Western Australia
The literature identifies an organisation’s employees as the weakest link in information security. Information security policy compliance is one of the main challenges facing organisations today. Although implementing technical and procedural measures clearly helps to improve an organisation’s information security, the human factor, that is, the employees’ compliance with these measures, is the key to success. However, organisations are now having issues regarding the extent of employee adherence to policy. The problem of employees being unaware or ignorant of their responsibilities in relation to information security remains an open issue. This paper seeks to enhance end user adherence to information security policies by proposing a framework for security policy compliance monitoring and targeted awareness raising. The foremost aim of this framework is to increase users’ awareness of the importance of following information security policies. Continuously subjecting users to targeted awareness and monitoring their adherence to information security policies should enhance the effectiveness of such awareness efforts. The proposed framework is part of on-going research and is intended to provide a foundation for future research on the dynamic adaptation of users’ behaviour to information security policies.