Publication details

Home Publications Publication details

Assessing IT Security Culture: System Administrator and End-User
Finch J, Furnell SM, Dowland PS
Proceedings of ISOneWorld Conference 2003, Las Vegas, USA, April 23-25, CD Only, 2003
Download links:  Download PDF

Appropriate understanding and acceptance of IT security should now be regarded as an essential requirement within any modern business. Although a number of previous studies have been published that assess organizational attitudes, the respondents have typically been IT administrators or top-level managers, without any representation from the end-user community. As such, a genuine view of security attitudes and practices within the companies as a whole may not have been obtained. To this end, this paper presents the results of an investigation targeting both system administrators and a selection of end-users from a number of companies of varying sizes. Although the survey results did not reveal significant differences in the responses obtained from large companies versus small businesses, there was a marked contrast between some of the administrator perceptions and those of the end-users. These findings suggest a requirement for improved awareness and education within such organizations, in order to ensure that security is appropriately understood and accepted at all levels.

Finch J, Furnell SM, Dowland PS