An Information Security Awareness Program to Address Common Security Concerns in IT Unit

Educated and trained people are critical success factor in any IT work environment to minimize threats or misuse of the organizational assets that may damage the growth, excellence, and efficiency of any business. However, humans are always the weakest point in any security plan. Awareness is by far the most successful technique that does not cost much when compared with training and education and may reduce the total expenditure on security. Having a properly planned information security awareness program greatly impact the raising of the awareness level among the organization's staff. Information Technology unit represents a critical success factor in knowledge management and plays a major role in the decision-making process within any organization. We assess that the initial step in delivering any security awareness plan to the business should start from within IT unit, and this is aligned with the perception that security is the sole responsibility of the IT department. Most of the former studies proposed general information security awareness programs and guidelines, but few of them targeted IT unit. The purpose of this research is to propose an information security awareness program (ISAP) to be used by IT unit to enhance the level of information security standard regardless of the organization type. Our research study differs from other studies in that we targeted the IT unit when building ISAP. Furthermore, we identify several awareness knowledge areas for each subdivision.