Human factor and information security in higher education

被引:15
作者
Metalidou, Efthymia [1 ]
Marinagi, Catherine [2 ]
Trivellas, Panagiotis [2 ]
Eberhagen, Niclas [1 ]
Giannakopoulos, Georgios [3 ]
Skourlas, Christos [3 ]
机构
[1] Department of Informatics, Linnaeus University, Vaxjo
[2] Technological Educational Institute of Central Greece, Thiva
[3] Department of Informatics, Technological Educational Institute of Athens, Athens
关键词
Human factors; Information security; Information security awareness; Reliability;
D O I
10.1108/JSIT-01-2014-0007
中图分类号
学科分类号
摘要
Purpose – The purpose of this paper is to investigate the association of lack of awareness and human factors and the association of lack of awareness and significant attacks that threat computer security in higher education. Design/methodology/approach – Five human factors and nine attacks are considered to investigate their relationship. A field research is conducted on Greek employees in higher education to identify the human factors that affect information security. The sample is consisted of 103 employees that use computers at work. Pearson correlation analysis between lack of awareness and nine (9) computer security risks is performed. Findings – Examining the association of lack of awareness with these attacks that threat the security of computers, all nine factors of important attacks exert significant and positive effect, apart from phishing. Considering the relationship of lack of awareness to human factors, all five human factors used are significantly and positively correlated with lack of awareness. Moreover, all nine important attacks, apart from one, exert a significant and positive effect. Research limitations/implications – The paper extends understanding of the relationship of the human factors, the lack of awareness and information security. The study has focused on employees of the Technological Educational Institute (TEI) of Athens, namely, teachers, administrators and working post-graduate students. Originality/value – The paper has used weighted factors based on data collection in higher education to calculate a global index for lack of awareness, as the result of the weighted aggregation of nine (9) risks, and extends the analysis performed in the literature to evaluate the effectiveness of security awareness in computer risk management. © Emerald Group Publishing Limited.
引用
收藏
页码:210 / 221
页数:11
相关论文
共 50 条
[21]   Developing a scale for measuring the information security awareness of stakeholders in higher education institutions [J].
Rohan, Rohani ;
Chutimaskul, Wichian ;
Roy, Rita ;
Hautamaki, Jari ;
Funilkul, Suree ;
Pal, Debajyoti .
EDUCATION AND INFORMATION TECHNOLOGIES, 2025,
[22]   A Framework for Integrating Gamification in Information Security Awareness Programmes for Higher Education Students [J].
Kapery, Ghafsa ;
Snyman, Dirk .
INFORMATION SECURITY EDUCATION-CHALLENGES IN THE DIGITAL AGE, WISE 2024, 2024, 707 :50-64
[23]   Information security management frameworks and strategies in higher education institutions: a systematic review [J].
Jorge Merchan-Lima ;
Fabian Astudillo-Salinas ;
Luis Tello-Oquendo ;
Franklin Sanchez ;
Gabriel Lopez-Fonseca ;
Dorys Quiroz .
Annals of Telecommunications, 2021, 76 :255-270
[24]   Human factor, a critical weak point in the information security of an organization's Internet of things [J].
Hughes-Lartey, Kwesi ;
Li, Meng ;
Botchey, Francis E. ;
Qin, Zhen .
HELIYON, 2021, 7 (03)
[25]   Information Security and Data Protection: The Role of the "Human Factor" in Organizations [J].
Hugl, Ulrike .
PROCEEDINGS OF THE 8TH EUROPEAN CONFERENCE ON INFORMATION WARFARE AND SECURITY, 2009, :80-87
[26]   Information Security management: A human challenge? [J].
Department of Informatics and Sensors, Cranfield University, Swindon, SN6 8LA, United Kingdom .
Inf Secur Tech Rep, 2008, 4 (195-201) :195-201
[27]   A Conceptual Analysis of Information Security Education, Information Security Training and Information Security Awareness Definitions [J].
Amankwa, Eric ;
Loock, Marianne ;
Kritzinger, Elmarie .
2014 9TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST), 2014, :248-252
[28]   A STUDY ON INTEGRATING PENETRATION TESTING INTO THE INFORMATION SECURITY FRAMEWORK FOR MALAYSIAN HIGHER EDUCATION INSTITUTIONS [J].
Kang, C. M. ;
JosephNg, P. S. ;
Issa, K. .
2015 INTERNATIONAL SYMPOSIUM ON MATHEMATICAL SCIENCES AND COMPUTING RESEARCH (ISMSC), 2015, :156-161
[29]   Human factor in information security: mapping risk behaviors in the digital environment [J].
Alves, Angela Rayne Nogueira ;
Alves, Jean Marcel Hora ;
Vasconcelos, Igor Oliveira ;
da Cruz, Cleide Ane Barbosa .
TEXTO LIVRE-LINGUAGEM E TECNOLOGIA, 2024, 17
[30]   Human factors affecting information security in libraries [J].
Amini, Masoumeh ;
Vakilimofrad, Hossein ;
Saberi, Mohammad Karim .
BOTTOM LINE, 2021, 34 (01) :45-67