The Feasibility of Raising Information Security Awareness in an Academic Environment Using SNA

Part 2: Information Security Training and AwarenessInternational audienceThe human aspect is one of the key success factors in information security (InfoSec). Its impact on InfoSec is so significant that multiple studies have shown that a balanced approach combining technology and security awareness is needed in order to maintain the integrity of an organisation’s security. At present, one of the methods most often used to address InfoSec awareness is to develop security awareness programmes that can be used to educate its users within an organisation. This method has several drawbacks; however, as such programmes might not be comprehensive enough, or quick enough to address newer threats. It can furthermore lead to the users developing InfoSec fatigue, which renders most attempts at improving security awareness pointless. These problems are compounded by non-traditional organisational structures, such as those found in educational institutions, where both students and staff should be made aware of information security risks on a regular basis. In order to address the potential information security awareness problem at educational institutions, this paper investigates the feasibility of using Social Network Analysis (SNA) to improve existing security awareness programmes. Following a brief introduction to SNA, two illustrative examples are offered to show that SNA presents a viable option to improve programmes for raising information security awareness in an academic environment, by allowing for the effective selection of ideal target locations