Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
The human connection to information security: A qualitative study on policy development, communication and compliance in government agencies
University of Skövde, School of Informatics.
2023 (English)Independent thesis Basic level (degree of Bachelor), 20 credits / 30 HE creditsStudent thesisAlternative title
Den mänskliga kopplingen till informationssäkerhet : En kvalitativ studie om policyutveckling, kommunikation och efterlevnad inom statliga myndigheter (Swedish)
Abstract [en]

The human factor and insider threats play a crucial role in information security. In today’s digital age, protecting organizational data requires a deep understanding of human behaviour and its impact on information security. The increasing volume of electronically stored data has led to a rise in cyber threats and breaches, necessitating effective information security policies and regulations.

This study focuses on the experiences and perspectives of employees and top management in government agencies regarding the development, communication, compliance, and attitudes towards information security policies and regulations. Semi-structured interviews were conducted with participants from both top management or information security officers and regular employees, which allowed for an in-depth exploration of their experiences and perspectives.

The findings show that government agencies systematically develop policies by engaging stakeholders, ensuring accessibility, and adhering to legal frameworks. Addressing the human factor involves training, awareness programs, and top management support. Policy development and implementation include risk assessment, stakeholder identification, objective setting, continuous review, and integration into daily operations. Communication channels such as intranets, training, coordinators, and awareness events are utilized, but their effectiveness is not directly measured. Proposed improvements include enhancing accessibility, improving policy document management, and using clearer language.

Employees generally possess a positive attitude towards information security, though their understanding varies, and challenges to their understanding include complex language and unclear instructions. Compliance also varies, with difficulties arising from technical terminology and information overload. Enhanced compliance can be achieved through simplified language, providing better resources, and top management support. Proactive incident management focuses on learning and risk minimization. The human factor and insider threats remain significant concerns, which emphasizes the need for further education, awareness training, and motivation. 

Place, publisher, year, edition, pages
2023. , p. vi, 88
Keywords [en]
Communication, compliance, development, effectiveness, government agencies, human factor, information security, information security awareness, information security culture, information security management system, information security policy, insider threat
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-22780OAI: oai:DiVA.org:his-22780DiVA, id: diva2:1772736
Subject / course
Informationsteknologi
Educational program
Information Systems
Supervisors
Examiners
Available from: 2023-06-21 Created: 2023-06-21 Last updated: 2023-06-21Bibliographically approved

Open Access in DiVA

fulltext(1120 kB)297 downloads
File information
File name FULLTEXT01.pdfFile size 1120 kBChecksum SHA-512
9ec65b9672da37e96295afa5cc062752d1bd5d7c5f5a6745ff4dbee6306d5f5b35888778f2dbf9a8fdf4edb7a8c498512c0426780e7338532ea829cae61e7d7a
Type fulltextMimetype application/pdf

By organisation
School of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 299 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 716 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf