Towards Information Security Awareness
Delia Mioara Popescu
HOLISTICA. Journal of business and public administration,
security awareness, security controls, information security
Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any security system, no matter how well designed and implemented, will have to rely on people. The fact is that users, broadly defined to include both end-users and system administrators, play a key role in implementing and correctly operating and maintaining security controls. At the same time, statistics reveal that a large number of security incidents are caused by users failing to comply with security controls. There is no use to implement complex and expensive technical solutions, if measures are not taken to deal with users security awareness rising. This paper aims to draw attention over the key role of the users in ensuring the information security and the need to develop coherent information security awareness programs, as part of the information security management process in any organization. The study is based on statistics analysis regarding information security incidents and consequent losses caused by users and the results obtained by implementing specific awareness programs.