Information Security Awareness: An Innovation Approach

Scholars and security practitioners seem to converge in the understanding that Information Security is in great part a problem about people; hence the need for a more holistic approach in order to understand human behaviour in the Information Security field which requires a multidisciplinary approach. Recent events such as the “Interdisciplinary Workshop on Security and Human Behaviour” hosted in Boston, Massachusetts in June 2008, are considering this approach and they have conveyed a multidisciplinary teamwork, composed by computer security researchers, psychologists, behavioural economists, sociologists, philosophers, among others, to address and understand the human side of security. This dissertation represents one of these efforts in approaching Information Security from different perspectives. A holistic approach would enable security practitioners to understand the human side of security and as a result be more effective on reaching the pursued security objectives. However, this approach may pose additional challenges, not just in the research field by conveying and reaching consensus among multiple disciplines, but at the organisational level. The proposed dissertation project aims to produce an Information Security Awareness framework based on Innovation theory that contributes to the active participation and behavioural change of an individual towards the acceptance and compliance of the Information Security Policies within an organisation using viral marketing techniques and alternative methods for the delivery of the security message over pre-established social networks. Prior to these proposed innovations, this dissertation examines at length Information Security Awareness from the perspectives of: management (chapter 2), psychology (chapter 3) and social networking (chapter 4) to give a balanced view of a solution to these issues