Open access repository

In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).

Second International Conference on Human Aspects of Information Security & Assurance (HAISA 2008)
Plymouth, UK, July 8-9, 2008
ISBN: 978-1-84102-189-8

Title: Cultivating an Atmosphere of Proactive Computer Security to Mitigate Limited End-User Awareness
Author(s): Martyn Styles, Theodore Tryfonas
Reference: pp48-55
Keywords: Security management, Awareness, Human Element, Policy Automation
Abstract: It is becoming increasingly important that employees are taken through a more rigorous security-awareness training programme, in order to protect their personal computer and the networks behind it and to ‘protect them from themselves’. Virus and spam writers have begun to try to fool employees with ‘social engineering’ techniques, which prey on an employee’s willingness to believe in an email sender-name or inquisitiveness stirred by the email subject title. The purpose of this case study paper is to demonstrate that, no matter how complex computer security systems are, effort should be concentrated and focused on employees to improve their security awareness. Each employee needs to become a ‘Security Deputy’ to the company’s computer security staff and he or she needs to take some responsibility for preventing security breaches – whether inside the workplace or not. In this paper we investigate whether it is possible to remove the ability of users to compromise computer security. As it is easy to unwittingly spread a virus, or open security vulnerabilities, should users be held responsible for their actions? Such actions might damage a company’s systems perhaps even more than malicious employees, through simple ignorance of security issues. Later in this work we explore the options available to increase the security awareness to a higher level, including automating security policy enforcement that will be examined as a method of removing the ‘human element’.
Download count: 1243

How to get this paper:

Download a free PDF copy of this paper
Buy this book at Lulu.com

A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.