User:Jagancholleti


Situational Security Awareness

Security is not just a technical problem. It is also a people problem, and keeping the people side of the security equation strong requires that everyone in our organization has an awareness of security. This is why situational security awareness programs are so important. Protecting our personal information can help reduce our risk of identity theft. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. We should be familiar with a theoretical model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention.

On the other hand, supporters argue that a majority of security incidents can be traced back to a single employee, thus making workers an organization's weakest link. Awareness training is a reliable way to stymie the insider threat and alter user behaviors. A commonly perceived strike against awareness programs is that organizations struggle to quantify how successful they are. Use strong passwords for our laptop, credit, bank, and other accounts. One way to overcome the measurement problem is to stage simulated social engineering attacks (penetration tests) and assess whether the number of employees falling for them is dropping. If we go this route, we should communicate our plans beforehand, but far enough in advance that the test is still a surprise, or we risk an employee base that feels violated.
