Information and Knowledge Management

The need to protect information systems as much as possible from security threats and risks has risen in the last few decades due to the increase and sophistication of threats. The purpose of this dissertation is to examine the methods used to implement Information Security Awareness (ISA) programs. And also to investigate how the perceived effectiveness of ISA programs in preventing and mitigating security threats and risks organisations face, is assessed. The inductive research approach was used to explore the human side of the information security problem and how this impacts the perceived effectiveness of ISA programs. Then a prototype of a model to assess an ISA program was replicated. The results indicated that the awareness level of the region used for the implementation was average, meaning the ISA program was not as effective as it was expected to be. The model provides a guide to both researchers and practitioners in assessing ISA programs and obtaining statistical data or empirical data in order to prove how effective it is.

Keywords: Information Security Awareness, Information Security Policy, Information System, Security threats/risks and Perceived Effectiveness.