A method for implementing an information security awareness campaign within an organisation

 

Show simple item record

dc.contributor.advisor Ophoff, Jacobus
dc.contributor.author Scrimgeour, Juan-Marc
dc.date.accessioned 2020-05-06T02:48:23Z
dc.date.available 2020-05-06T02:48:23Z
dc.date.issued 2019
dc.identifier.citation Scrimgeour, J. 2019. A method for implementing an information security awareness campaign within an organisation. . ,Faculty of Commerce ,Department of Information Systems. en_ZA
dc.identifier.uri https://hdl.handle.net/11427/31786
dc.description.abstract Research has shown that educating end-users on information security awareness plays an essential part in securing any environment. While best practice standards provide a set of minimum information security awareness controls that should be implemented, little guidance exists on how to implement these controls to ensure the effectiveness of the training. This research set out to define and evaluate a method for implementing an Information Security Awareness Campaign within an organisation based on existing research and standards while assisting the organisation in improving their information security awareness campaign through the creation of artifacts and measurement techniques. A design science research approach guided the research to evaluate changes in the information security awareness campaign implementation method through several research cycles. The method was implemented within an organisation and evaluated based on the impact, effectiveness and results of each step as well as the feedback from participants. The research found both positive and negative results throughout the method. Specific steps within the method proved to be lengthy, time-consuming and confusing to participants. Although many improvements can yet be made, the method was suitable as it achieved the required objective within the organisation. The research outcome provided a risk-based method with a visual representation that demonstrated the lack of awareness of specific information security awareness topics to the organisation. The results of the study not only provided value to the organisation but provided a tried and tested method for implementing an Information Security Awareness Campaign within other organisations.
dc.subject Information Systems
dc.title A method for implementing an information security awareness campaign within an organisation
dc.type Master Thesis
dc.date.updated 2020-05-06T01:47:35Z
dc.language.rfc3066 eng
dc.publisher.faculty Faculty of Commerce
dc.publisher.department Department of Information Systems
dc.type.qualificationlevel Masters
dc.type.qualificationname MCom
dc.identifier.apacitation Scrimgeour, J. (2019). <i>A method for implementing an information security awareness campaign within an organisation</i>. (). ,Faculty of Commerce ,Department of Information Systems. Retrieved from en_ZA
dc.identifier.chicagocitation Scrimgeour, Juan-Marc. <i>"A method for implementing an information security awareness campaign within an organisation."</i> ., ,Faculty of Commerce ,Department of Information Systems, 2019. en_ZA
dc.identifier.vancouvercitation Scrimgeour J. A method for implementing an information security awareness campaign within an organisation. []. ,Faculty of Commerce ,Department of Information Systems, 2019 [cited yyyy month dd]. Available from: en_ZA
dc.identifier.ris TY - Thesis / Dissertation AU - Scrimgeour, Juan-Marc AB - Research has shown that educating end-users on information security awareness plays an essential part in securing any environment. While best practice standards provide a set of minimum information security awareness controls that should be implemented, little guidance exists on how to implement these controls to ensure the effectiveness of the training. This research set out to define and evaluate a method for implementing an Information Security Awareness Campaign within an organisation based on existing research and standards while assisting the organisation in improving their information security awareness campaign through the creation of artifacts and measurement techniques. A design science research approach guided the research to evaluate changes in the information security awareness campaign implementation method through several research cycles. The method was implemented within an organisation and evaluated based on the impact, effectiveness and results of each step as well as the feedback from participants. The research found both positive and negative results throughout the method. Specific steps within the method proved to be lengthy, time-consuming and confusing to participants. Although many improvements can yet be made, the method was suitable as it achieved the required objective within the organisation. The research outcome provided a risk-based method with a visual representation that demonstrated the lack of awareness of specific information security awareness topics to the organisation. The results of the study not only provided value to the organisation but provided a tried and tested method for implementing an Information Security Awareness Campaign within other organisations. DA - 2019 DB - OpenUCT DP - University of Cape Town KW - Information Systems LK - https://open.uct.ac.za PY - 2019 T1 - A method for implementing an information security awareness campaign within an organisation TI - A method for implementing an information security awareness campaign within an organisation UR - ER - en_ZA


Files in this item

This item appears in the following Collection(s)

Show simple item record