Information Security Awareness Policy: An Annotated Bibliography

Added on  2023/06/03

AI Summary
This annotated bibliography focuses on Information Security Awareness Policy, compiling research papers relevant to policy development. It includes annotations of articles such as "Information Security Awareness at the Knowledge-Based Institution" by Lubis and Lubis, which emphasizes the necessity of security awareness policies and suggests measures like strong passwords and software updates. Another entry, "Information Security Awareness Training" from Northern Arizona University, advocates for training sessions to educate employees about malware threats. The bibliography also covers "An Effective Method for Information Security Awareness Raising Initiatives" by Mackay and Balikhina, which proposes methods for introducing security awareness and discusses IT threats. Finally, it references Peltier's work on security policies and procedures, highlighting the importance of security awareness training and data backup. Each annotation summarizes the paper's key points and relevance to developing an effective Information Security Awareness Policy.
Table of Contents
Introduction
Information Security Awareness Policy
Conclusion
Introduction
Information security is a practice used to prevent unauthorised users from accessing
data. It ensures the confidentiality, integrity and availability of data. Information
security can be achieved by using antivirus software, firewalls, encryption software and
training standards. The few articles reviewed here relate to information security awareness
and state that various laws and regulations are used so that data is accessed, processed and
stored in a way that is secure. Every information security awareness policy in use makes sure
that confidentiality, integrity and availability are met. An information security awareness
policy is used so that employees become aware of security threats and so that risk
management can be handled. Information security states that data should be encrypted so
that even in case of leakage the information is not exposed. It is also suggested that data
signatures should be used so that authentication is achieved.
Information Security Awareness Policy
1. Lubis, A. and Lubis, M. (2017). Information Security Awareness at the Knowledge-
Based Institution: Its Antecedents and Measures. Available from
https://www.sciencedirect.com/science/article/pii/S1877050915036121 Accessed on 14
oct 21018
The article referred to is “Information Security Awareness at the Knowledge-Based
Institution”, written by Abdul Rahman Ahlan and Muharman Lubis. In this article the authors
state that security awareness policies are needed in every organisation so that negative
effects can be countered. Various security solutions are suggested, such as the use of strong
passwords to access the computer. The article suggests that software should be kept
up to date so that viruses do not penetrate the system. It also mentions
that file sharing should be avoided as it adds risk to the computer system. Sensitive
information should be encrypted so that even if the files are leaked the information cannot be
accessed by anyone. The information security awareness policy states that a proper access
control list should be defined so that only valid and authenticated users are able to access the
information. The findings of this article are useful as they encourage stakeholders and
employees to understand information security policy behaviour. Information security threats
are increasing, and as a result security breaches are increasing. Thus, information security
procedures are listed so that data can be protected from all malicious attacks.
2. Northern university, A. (2017). INFORMATION SECURITY AWARENESS
TRAINING. Available from
https://nau.edu/university-policy-library/wp-content/uploads/sites/26/Information-Security-Awareness-Training.pdf
Accessed on 14 oct 21018.
The second article analysed is “Information security awareness”, written by Northern
Arizona University. In this article the author states that awareness should be spread through
training sessions so that all employees become aware of the malware that is present. This is
important because it was recently seen that employees are not aware of malware. The
reason for this policy is to make sure that all authorised users understand
the security threats and risks. The author recommends that this policy must be used to
secure information. Comparing this suggestion with that of the author of the article above,
this article states that users should first become aware, whereas the article above
offers some ways through which data could be secured. The policy in the article
states that information security training should be developed so that current and
emerging threats can be resolved. The author states that preventive measures should be taken
against all malicious activities so that information remains protected.
3. Mackay, M. and Balikhina, T. (2017). AN EFFECTIVE METHOD FOR
INFORMATION SECURITY AWARENESS RAISING INITIATIVES. Available from
http://airccse.org/journal/jcsit/5213ijcsit06.pdf Accessed on 14 oct 21018.
The third article analysed is “An effective method for information security awareness
raising initiatives”, written by Ali Maqousi, Tatiana Balikhina and Michael Mackay. In this
article the authors propose various ways through which information security awareness can be
introduced. In addition, they present the threats that exist in the system so that users can
become aware of IT threats. Users are then trained so that they can use this knowledge
to mitigate the threats. The information security awareness program developed by
the authors covers various steps: the first stage is the analysis stage, which identifies the
security concerns, and the second stage is the implementation stage, which spreads awareness,
followed by future designs and a maintenance plan. The paper discusses the security awareness
programs that an organisation needs. A security culture can be created by increasing user
awareness through the use of strong passwords. The authors suggest that a security awareness
team should be maintained to keep employees updated about all security threats and
vulnerabilities. This paper addresses the need for security awareness in an organisation. It
makes sure that users become aware of security concerns so that they can maintain
the privacy of information.
4. Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards:
guidelines for effective information security management. Auerbach Publications.
It is clearly stated that security policies and procedures are important and that every employee
should receive security awareness training so that attacks can be mitigated. It suggests that
every business should offer security awareness training in the organisation. It is important to
educate staff so that they can handle the entire situation and sensitive information can be
protected. The security awareness program covers the best ways through which information
breaches can be avoided. The author suggests that information and sensitive data should be
backed up so that in case of failure data can be recovered easily. A business continuity
management plan is defined so that even in case of failure information can be recovered.
Conclusion
It can be concluded from the first article that data should be encrypted so that it can be
accessed only by valid users and others are not able to access the information. This makes
sure that security breaches are reduced. The other article recommended that training sessions
should be held in an organisation so that staff become aware of the threats and risks.
Apart from that, in the other article the author suggested that an access control list should be
maintained so that only valid users are able to access the information.