INFORMATION SECURITY AWARENESS MODEL FOR INFORMATION SYSTEM

In the first decade of the 21st century, worldwide, the tremendous increase in the amount of available information and the spreading of the organization was possible through the enhancement of the access to computers and to Internet. A lack of information security awareness within some parts of society as well as some information system continues to exist today. This paper provides guidelines for building and maintaining a comprehensive awareness and training program, as part of an organization’s IT security program. The guidance is presented in a life-cycle approach. The document includes guidance on how IT security professionals can identify awareness and training needs, develop a training plan, This document also describes how to: Select awareness and training topics; Implement awareness and training program with special methods; Evaluate the effectiveness of the program in line with organizational change. Our results indicate that the constructs technical knowledge, organizational impact correlations with information security awareness. Interestingly, organizational impact generated stronger associations with information security awareness than technical knowledge.