Greener Journal of Internet, Information and Communication Systems

Excellence and Timeliness

Change Language

Manjeese et al

Greener Journal of Internet, Information and Communication Systems. Vol. 2 (1), pp. 001-010, April 2015.  

ISSN: 2354-2373

Research Paper

Manuscript Number: 051114383


DOI: http://doi.org/10.15580/GJIICS.2015.1.051114383)

 

A closer look on the awareness of information security amongst Zimbabwean universities’ staff: A case study of Great Zimbabwe University

 

*1Manjeese Caleb, 2Mawere Talent, 3Sai Kundai Oliver and 4Denhere Prosper Tafadzwa

 

1,2,3Great Zimbabwe University

4Midlands State University

 

E-mails: cmanjeese83 @gmail. com1, talentmawere @gmail. com2, kundiesai @yahoo. com3, denherepee@yahoo .co.uk4

 

*Corresponding Author’s E-mail: cmanjeese83 @ gmail.com, Phone: +263773262360 


Abstract


The research was conducted at a university in Zimbabwe to determine the information security awareness of its employees. The literature review conducted showed that information security awareness training is important in any organization which is serious about securing its information assets. The researchers used closed response questionnaire to gather data about the respondents’ awareness, attitudes and behaviors. The responses were analysed using SPSS and the researcher chose to use descriptive statistics in the process as they are easy to comprehend. The generality of the respondents showed lack of information awareness training as shown by their responses which indicated their attitudes and behaviors. The researchers came up with a number of recommendations such as the establishment of an independent information security department, scheduled information security awareness training (ISAT) programmes, that are evaluated over time.


Keywords: Information security, awareness, attitudes, behaviors, training.



References


Cisco, Data Leakage Worldwide: The Effectiveness of Security Policies, http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-503131.html,  Cisco

 

Clawson, P. What Every CEO Should Know About IT Security, Lumension

 

Colin Campbell (2014). The Baltimore Sun, February 20, 2014 More than 309,000 identities exposed in University of Maryland cyber attack

 

ENISA, (2007). Information security awareness initiatives: Current practises and measurement of successes. ENISA and PricewaterhouseCoopers LLP,

 

Francis Kaitano (2010) Information Security Governance: Missing Link In Corporate Governance, TechZim.   http://www.techzim.co.zw/2010/05/information-security-governance-missing-link-in-corporate-governance/

 

Johnson, E.M. & Goetz,E. (2007). Embedding Information Security into the Organization, IEEE Computer Society

 

Martin Manjak, (2006). Social Engineering Your Employees to Information Security, SANS InstituteInfoSec Reading Room

 

MIT(2014) What Are the Risks to Data?, https://ist.mit.edu/security/data_risks

 

Okenyi, P.O., Owens, T.J. (2007). "On the anatomy of human hacking", Information Systems Security, Vol. 16 pp.302-314

 

PwC Survey (2013). Changing the Game Key Findings from the Global State of Information Security Survey 2013, available at www.pwc.com/gx/en/consulting-services/information-security-survey/assets/2013-giss-report.pdf,

 

Rebecca Herold (2010). Why Information Security Training and Awareness Are Important,  Information Systems Security,

 

Robin Sharp,(2007). ed, Internet Safety and Security Surveys: A Review, Informatics and Mathematical Modelling ,Technical University of Denmark

 

SecureInfo Corporation (2007). Information Security Awareness Report: The Government Workers’ Perspective, Welz & Weisel Communications

 

Shaw, E.D.  Ruby,K.G. and Post, M. (1998). The Insider Threat To Information Systems, Political Psychology Associates, ltd

 

Stanford University (2014). Information Security Office-Overview and Charter, http://web.stanford.edu/group/security/

 

Support Center Security (2014). Data Security Incidents: Prevention & Response Procedures at UMass Amherst, https://www.oit.umass.edu/support/security/data-security-incidents-prevention-response-procedures-umass-amherst

 

Technet (2014). Responding to IT Security Incidents http://technet.microsoft.com/en-us/library/cc700825.aspx, Microsoft

 

Techtarget (2014). Should an organization centralize its information security division? Http://searchsecurity.techtarget.com/answer/Should-an-organization-centralize-its-information-security-division

 

The Security Company International (2014). The Awareness Security Survey.

 

Winnipeg, (2008). Assessment of Information Security Awareness: Information Security Awareness-Final Report, Winniperg, Audit Department

 

The Massachussetts General Laws (2009). The Massachusetts Data Security Law and Regulation.


Call for Papers/Books

Call for Scholarly Articles


Authors from around the world are invited to send scholary articles that suits the scope of this journal. The journal is currently open to submissions and will process and publish articles monthly in two yearly issues.


The journal is centered on quality and goes about its processes in a very timely fashion. Seasoned editors/reviewers will be consulted to review each article(s), profer quality evaluations and polish the articles with expertise before publication.


Simply send your article(s) as an e-mail attachment to manuscripts@acad.gjournals.org or manuscripts.igj@gmail.com.


Call for Books


You are also invited to submit your books for online or print publication. We publish books related to all academic subject areas.    Submit as an e-mail attachment to books@acad.gjournals.org.

             



Search

Login Form

Other Journals


Newsletter