Empirical Study on the Correlation between User Awareness and Information Security

Authors

  • Krešimir Šolić J. J. Strossmayer University of Osijek, Faculty of Medicine, Department of Biophysics, Medical Statistics and Medical Informatics Josipa Huttlera 4, Osijek, Croatia
  • Krešimir Nenadić J. J. Strossmayer University of Osijek, Faculty of Electrical Engineering, Department of Computer Science Kneza Trpimira bb, Osijek, Croatia
  • Dario Galić J. J. Strossmayer University of Osijek, Faculty of Medicine, Department of Biophysics, Medical Statistics and Medical Informatics Josipa Huttlera 4, Osijek, Croatia

Keywords:

information security, information system, security awareness, user behaviour

Abstract

There are many existing high quality technical security solutions, but ongoing cyberwar is still not suppressed, which implies that there is a need for new concepts in information security. It is possible that the problem persists because the existing technical solutions have not included human factors. Those solutions are mostly focused on the attacker but should also be focused on the user as the integral part of the safeguarded system. It is possible that the user presents the weakest element in the security chain as the internal treats are among the most frequent information security issues. In this paper the authors analyse empirical data collected by simulation of e mail user behaviour caused by their level of security awareness. Results of this study confirm hypotheses that users can significantly influence the overall information system security level as well as private and business data used in e mail communication. The aim of this paper is to stress the problem of human influence on the information system security among technicians involved in developing technical security solutions, such as software engineers developing new algorithms for spam filters.

Downloads

Published

2012-11-01

How to Cite

[1]
K. Šolić, K. Nenadić, and D. Galić, “Empirical Study on the Correlation between User Awareness and Information Security”, IJECES, vol. 3, no. 2, pp. 47-51, Nov. 2012.

Issue

Section

Case Studies