- Title
- Towards an information security awareness process for engineering SMEs in emerging economies
- Creator
- Gundu, Tapiwa
- Subject
- Computer security -- South Africa
- Subject
- Information technology -- South Africa
- Subject
- Computer networks -- Security measures -- South Africa
- Subject
- Information resources management -- South Africa
- Subject
- Small business -- South Africa
- Subject
- Engineering firms -- South Africa
- Subject
- Confidential communications -- South Africa
- Subject
- Information Security Awareness
- Subject
- Information Security Behaviour
- Subject
- Information Security Training
- Date
- 2013
- Type
- Thesis
- Type
- Masters
- Type
- MCom (Information Systems)
- Identifier
- vital:11138
- Identifier
- http://hdl.handle.net/10353/d1007179
- Identifier
- Computer security -- South Africa
- Identifier
- Information technology -- South Africa
- Identifier
- Computer networks -- Security measures -- South Africa
- Identifier
- Information resources management -- South Africa
- Identifier
- Small business -- South Africa
- Identifier
- Engineering firms -- South Africa
- Identifier
- Confidential communications -- South Africa
- Identifier
- Information Security Awareness
- Identifier
- Information Security Behaviour
- Identifier
- Information Security Training
- Description
- With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour.
- Format
- 150 leaves; 30 cm
- Format
- Publisher
- University of Fort Hare
- Publisher
- Faculty of Management & Commerce
- Language
- English
- Rights
- University of Fort Hare
- Hits: 3568
- Visitors: 3625
- Downloads: 211
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details | SOURCEPDF | 2 MB | Adobe Acrobat PDF | View Details |