{"title":"利用HAIS-Q衡量员工的信息安全意识:XYZ公司的案例研究","authors":"Alvin Cindana, Y. Ruldeviyani","doi":"10.1109/ICACSIS.2018.8618219","DOIUrl":null,"url":null,"abstract":"Information security cannot be separated from its user behavior. Many organizations applied an information security policy, but cease at the human aspects of information security. XYZ firm has implemented information security policies and socialized it towards its employee through several ways. However, the internal control division of XYZ firm always finds violation towards information security policies every time they conduct office sweeping. This study was conducted to measure the employee’s information security awareness in XYZ firm using HAIS-Q framework that has seven focus area (password management, email usage, internet usage, social media, mobile device, information handling, and incident reporting) and weighed to three dimension of knowledge (knowledge, attitude, and behavior). The result of ISA measurement in the XYZ employee considered as good with total score 87.59. However, this study indicates that employee’s information security awareness on internet usage should be improved by the firm since it was classified as average with score 79.07.","PeriodicalId":207227,"journal":{"name":"2018 International Conference on Advanced Computer Science and Information Systems (ICACSIS)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Measuring Information Security Awareness on Employee Using HAIS-Q: Case Study at XYZ Firm\",\"authors\":\"Alvin Cindana, Y. Ruldeviyani\",\"doi\":\"10.1109/ICACSIS.2018.8618219\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information security cannot be separated from its user behavior. Many organizations applied an information security policy, but cease at the human aspects of information security. XYZ firm has implemented information security policies and socialized it towards its employee through several ways. However, the internal control division of XYZ firm always finds violation towards information security policies every time they conduct office sweeping. This study was conducted to measure the employee’s information security awareness in XYZ firm using HAIS-Q framework that has seven focus area (password management, email usage, internet usage, social media, mobile device, information handling, and incident reporting) and weighed to three dimension of knowledge (knowledge, attitude, and behavior). The result of ISA measurement in the XYZ employee considered as good with total score 87.59. However, this study indicates that employee’s information security awareness on internet usage should be improved by the firm since it was classified as average with score 79.07.\",\"PeriodicalId\":207227,\"journal\":{\"name\":\"2018 International Conference on Advanced Computer Science and Information Systems (ICACSIS)\",\"volume\":\"49 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference on Advanced Computer Science and Information Systems (ICACSIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICACSIS.2018.8618219\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Advanced Computer Science and Information Systems (ICACSIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICACSIS.2018.8618219","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Measuring Information Security Awareness on Employee Using HAIS-Q: Case Study at XYZ Firm
Information security cannot be separated from its user behavior. Many organizations applied an information security policy, but cease at the human aspects of information security. XYZ firm has implemented information security policies and socialized it towards its employee through several ways. However, the internal control division of XYZ firm always finds violation towards information security policies every time they conduct office sweeping. This study was conducted to measure the employee’s information security awareness in XYZ firm using HAIS-Q framework that has seven focus area (password management, email usage, internet usage, social media, mobile device, information handling, and incident reporting) and weighed to three dimension of knowledge (knowledge, attitude, and behavior). The result of ISA measurement in the XYZ employee considered as good with total score 87.59. However, this study indicates that employee’s information security awareness on internet usage should be improved by the firm since it was classified as average with score 79.07.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
