Measuring users' level of information security awareness : research and development of sample questions
Tämän gradun tarkoituksena on käsiteanalyysin avulla hahmottaa tärkeimpiä omaisuuksia tietoturvatietoisuudesta ja tavoista levittää sitä, tutustua niihin tarkemmin, ja muodostaa näistä perusteltuja ja käyttäjille olennaisia kysymyksiä joilla selvittää käyttäjän tietoturvatietoisuutta. Aiheen tarkempi läpikäynti on tärkeää, sillä aiemmissa tutkimuksissa on havaittu, että käyttäjät kertovat noudattavansa tietoturvapolitiikoita, vaikka tarkemmin tutkittaessa eivät tienneet tai ymmärtäneet tietoturvapolitiikoiden sisältöä. Kysymysten muodostamisessa otetaan huomioon myös muita käsiteanalyysi vaiheessa selvinneitä piirteitä, joilla tehdä kysymyksistä parempia. Tuloksena esitetään 20 esimerkkikysymystä, sekä ehdotuksia kysymysten muodostamiseen sekä niiden käyttämiseen. The purpose of this thesis is to develop questions to measure level of users’ understating of information security awareness. Researching the subject is important, because earlier studies have discovered that users who respond positively to questions about whether they follow information security policies might not actually even know what those policies consist of, which may be result of not understanding them. This is achieved by using concept analysis to identify features of information security awareness, which are then studied further to gain better understanding of whether they are relevant for users or not, and to make well-argued questions. We will also utilize other identified ways to make questions better. Thus, we will present 20 example questions, and suggestions on how to develop them to achieve best results.
Keywords
Metadata
Show full item recordCollections
- Pro gradu -tutkielmat [29561]
Related items
Showing items with similar title or keywords.
-
Toward a stage theory of the development of employees' information security behavior
Karjalainen, Mari; Siponen, Mikko; Sarker, Suprateek (Elsevier, 2020)Existing behavioral information security research proposes continuum or non-stage models that focus on finding static determinants for information security behavior (ISB) that remains unchanged. Such models cannot explain ... -
Review of the methods for the development of information security policies at organizations
Wu, Shan (2016)This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of ... -
Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions
Siponen, Mikko; Soliman, Wael; Vance, Anthony (ACM, 2022)In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the field of criminology to explain information security behaviors (or intention). Today, DT is among the most commonly used theories in IS security ... -
Method Framework for Developing Enterprise Architecture Security Principles
Larno, Sara; Seppänen, Ville; Nurmi, Jarkko (RTU Press, 2019)Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke ... -
Developing Organization-Specific Information Security Policies by using Critical Thinking
Kinnunen, Hanna; Siponen, Mikko (Association for Information Systems, 2018)