In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
» Openaccess proceedings » 6th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2012)
6th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2012) |
Title: Creating a Security Culture Development Plan and a case study
Author(s): Omar Olivos
Reference: pp13-32
Keywords: Security Culture, Information Security, Social Engineering, Education Training and Awareness
Abstract: When developing training and awareness programs, information security specialists usually fail to consider the human element as an important component of the program. They tend to focus on security policies and technical aspects leaving aside the human aspect of information security. We argue that it is necessary that the characteristics of the employees (roles and learning styles), the compliance with the current policies, the state of the security culture and the mission, vision and strategic planning of the organization be considered when setting up a security culture development plan. This paper describes the steps that should be followed to develop a Security Culture and reports a case study in an organisation where the development plan was applied.
Download count: 2695
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.