Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
A method for implementing an information security awareness campaign within an organisation
Research has shown that educating end-users on information security awareness plays an essential part in securing any environment. While best practice standards provide a set of minimum information security awareness controls that should be implemented, little guidance exists on how to implement the...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | English |
| Published: |
Department of Information Systems
2020
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613195596726272 |
|---|---|
| access_status_str | Open Access |
| author | Scrimgeour, Juan-Marc |
| author2 | Ophoff, Jacobus |
| author_browse | Ophoff, Jacobus Scrimgeour, Juan-Marc |
| author_facet | Ophoff, Jacobus Scrimgeour, Juan-Marc |
| author_sort | Scrimgeour, Juan-Marc |
| collection | Thesis |
| description | Research has shown that educating end-users on information security awareness plays an essential part in securing any environment. While best practice standards provide a set of minimum information security awareness controls that should be implemented, little guidance exists on how to implement these controls to ensure the effectiveness of the training. This research set out to define and evaluate a method for implementing an Information Security Awareness Campaign within an organisation based on existing research and standards while assisting the organisation in improving their information security awareness campaign through the creation of artifacts and measurement techniques. A design science research approach guided the research to evaluate changes in the information security awareness campaign implementation method through several research cycles. The method was implemented within an organisation and evaluated based on the impact, effectiveness and results of each step as well as the feedback from participants. The research found both positive and negative results throughout the method. Specific steps within the method proved to be lengthy, time-consuming and confusing to participants. Although many improvements can yet be made, the method was suitable as it achieved the required objective within the organisation. The research outcome provided a risk-based method with a visual representation that demonstrated the lack of awareness of specific information security awareness topics to the organisation. The results of the study not only provided value to the organisation but provided a tried and tested method for implementing an Information Security Awareness Campaign within other organisations. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/31786 |
| institution | University of Cape Town (South Africa) |
| language | eng |
| last_indexed | 2026-06-10T12:32:17.361Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2020 |
| publishDateRange | 2020 |
| publishDateSort | 2020 |
| publisher | Department of Information Systems |
| publisherStr | Department of Information Systems |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/31786 A method for implementing an information security awareness campaign within an organisation Scrimgeour, Juan-Marc Ophoff, Jacobus Information Systems Research has shown that educating end-users on information security awareness plays an essential part in securing any environment. While best practice standards provide a set of minimum information security awareness controls that should be implemented, little guidance exists on how to implement these controls to ensure the effectiveness of the training. This research set out to define and evaluate a method for implementing an Information Security Awareness Campaign within an organisation based on existing research and standards while assisting the organisation in improving their information security awareness campaign through the creation of artifacts and measurement techniques. A design science research approach guided the research to evaluate changes in the information security awareness campaign implementation method through several research cycles. The method was implemented within an organisation and evaluated based on the impact, effectiveness and results of each step as well as the feedback from participants. The research found both positive and negative results throughout the method. Specific steps within the method proved to be lengthy, time-consuming and confusing to participants. Although many improvements can yet be made, the method was suitable as it achieved the required objective within the organisation. The research outcome provided a risk-based method with a visual representation that demonstrated the lack of awareness of specific information security awareness topics to the organisation. The results of the study not only provided value to the organisation but provided a tried and tested method for implementing an Information Security Awareness Campaign within other organisations. 2020-05-06T02:48:23Z 2020-05-06T02:48:23Z 2019 2020-05-06T01:47:35Z Master Thesis Masters MCom https://hdl.handle.net/11427/31786 eng application/pdf Department of Information Systems Faculty of Commerce |
| spellingShingle | Information Systems Scrimgeour, Juan-Marc A method for implementing an information security awareness campaign within an organisation |
| thesis_degree_str | Master's |
| title | A method for implementing an information security awareness campaign within an organisation |
| title_full | A method for implementing an information security awareness campaign within an organisation |
| title_fullStr | A method for implementing an information security awareness campaign within an organisation |
| title_full_unstemmed | A method for implementing an information security awareness campaign within an organisation |
| title_short | A method for implementing an information security awareness campaign within an organisation |
| title_sort | method for implementing an information security awareness campaign within an organisation |
| topic | Information Systems |
| url | https://hdl.handle.net/11427/31786 |
| work_keys_str_mv | AT scrimgeourjuanmarc amethodforimplementinganinformationsecurityawarenesscampaignwithinanorganisation AT scrimgeourjuanmarc methodforimplementinganinformationsecurityawarenesscampaignwithinanorganisation |