A method for implementing an information security awareness campaign within an organisation
| dc.contributor.advisor | Ophoff, Jacobus | |
| dc.contributor.author | Scrimgeour, Juan-Marc | |
| dc.date.accessioned | 2020-05-06T02:48:23Z | |
| dc.date.available | 2020-05-06T02:48:23Z | |
| dc.date.issued | 2019 | |
| dc.date.updated | 2020-05-06T01:47:35Z | |
| dc.description.abstract | Research has shown that educating end-users on information security awareness plays an essential part in securing any environment. While best practice standards provide a set of minimum information security awareness controls that should be implemented, little guidance exists on how to implement these controls to ensure the effectiveness of the training. This research set out to define and evaluate a method for implementing an Information Security Awareness Campaign within an organisation based on existing research and standards while assisting the organisation in improving their information security awareness campaign through the creation of artifacts and measurement techniques. A design science research approach guided the research to evaluate changes in the information security awareness campaign implementation method through several research cycles. The method was implemented within an organisation and evaluated based on the impact, effectiveness and results of each step as well as the feedback from participants. The research found both positive and negative results throughout the method. Specific steps within the method proved to be lengthy, time-consuming and confusing to participants. Although many improvements can yet be made, the method was suitable as it achieved the required objective within the organisation. The research outcome provided a risk-based method with a visual representation that demonstrated the lack of awareness of specific information security awareness topics to the organisation. The results of the study not only provided value to the organisation but provided a tried and tested method for implementing an Information Security Awareness Campaign within other organisations. | |
| dc.identifier.apacitation | Scrimgeour, J. (2019). <i>A method for implementing an information security awareness campaign within an organisation</i>. (). ,Faculty of Commerce ,Department of Information Systems. Retrieved from | en_ZA |
| dc.identifier.chicagocitation | Scrimgeour, Juan-Marc. <i>"A method for implementing an information security awareness campaign within an organisation."</i> ., ,Faculty of Commerce ,Department of Information Systems, 2019. | en_ZA |
| dc.identifier.citation | Scrimgeour, J. 2019. A method for implementing an information security awareness campaign within an organisation. . ,Faculty of Commerce ,Department of Information Systems. | en_ZA |
| dc.identifier.ris | TY - Thesis / Dissertation AU - Scrimgeour, Juan-Marc AB - Research has shown that educating end-users on information security awareness plays an essential part in securing any environment. While best practice standards provide a set of minimum information security awareness controls that should be implemented, little guidance exists on how to implement these controls to ensure the effectiveness of the training. This research set out to define and evaluate a method for implementing an Information Security Awareness Campaign within an organisation based on existing research and standards while assisting the organisation in improving their information security awareness campaign through the creation of artifacts and measurement techniques. A design science research approach guided the research to evaluate changes in the information security awareness campaign implementation method through several research cycles. The method was implemented within an organisation and evaluated based on the impact, effectiveness and results of each step as well as the feedback from participants. The research found both positive and negative results throughout the method. Specific steps within the method proved to be lengthy, time-consuming and confusing to participants. Although many improvements can yet be made, the method was suitable as it achieved the required objective within the organisation. The research outcome provided a risk-based method with a visual representation that demonstrated the lack of awareness of specific information security awareness topics to the organisation. The results of the study not only provided value to the organisation but provided a tried and tested method for implementing an Information Security Awareness Campaign within other organisations. DA - 2019 DB - OpenUCT DP - University of Cape Town KW - Information Systems LK - https://open.uct.ac.za PY - 2019 T1 - A method for implementing an information security awareness campaign within an organisation TI - A method for implementing an information security awareness campaign within an organisation UR - ER - | en_ZA |
| dc.identifier.uri | https://hdl.handle.net/11427/31786 | |
| dc.identifier.vancouvercitation | Scrimgeour J. A method for implementing an information security awareness campaign within an organisation. []. ,Faculty of Commerce ,Department of Information Systems, 2019 [cited yyyy month dd]. Available from: | en_ZA |
| dc.language.rfc3066 | eng | |
| dc.publisher.department | Department of Information Systems | |
| dc.publisher.faculty | Faculty of Commerce | |
| dc.subject | Information Systems | |
| dc.title | A method for implementing an information security awareness campaign within an organisation | |
| dc.type | Master Thesis | |
| dc.type.qualificationlevel | Masters | |
| dc.type.qualificationname | MCom |