The development and evaluation of an information security awareness capability model: linking ISO/IEC 27002 controls with awareness importance, capability and risk
PhD Thesis
Title | The development and evaluation of an information security awareness capability model: linking ISO/IEC 27002 controls with awareness importance, capability and risk |
---|---|
Type | PhD Thesis |
Authors | |
Author | Poepjes, Robert |
Supervisor | Lane, Micheal |
Institution of Origin | University of Southern Queensland |
Qualification Name | Doctor of Philosophy |
Number of Pages | 243 |
Year | 2015 |
Abstract | This research examines the role that awareness has on the effectiveness of information security within an organisation. There is a lack of understanding as to This study refers to Awareness Importance as how important awareness is, or how influential awareness is, in the success of a process or control. For example, when This research is motivated by the primary question of 'to what extent does the relationship between awareness importance and awareness capability predict the There is little empirical research on how awareness influences the effectiveness of information security controls. Furthermore, scant research has been conducted on In the first phase of this research, survey data was collected from information security professionals in order to establish a benchmark Awareness Importance This research extends existing literature by contributing an approach and empirical model for measuring the required importance and capability of information security The researcher concludes that the model developed will assist organisations in identifying awareness gaps and associated risks for specific information security |
Keywords | information security, IT security, awareness, situation awareness, ISO27002, awareness importance, awareness capability, awareness risk |
ANZSRC Field of Research 2020 | 460499. Cybersecurity and privacy not elsewhere classified |
460908. Information systems organisation and management | |
Byline Affiliations | School of Management and Enterprise |
https://research.usq.edu.au/item/q32q5/the-development-and-evaluation-of-an-information-security-awareness-capability-model-linking-iso-iec-27002-controls-with-awareness-importance-capability-and-risk
Download files
3578
total views1192
total downloads8
views this month7
downloads this month