Skip to Main Content
Article navigation
Volume 22, Issue 4
7 October 2014
This article was originally published in
Information Management & Computer Security
Information Management & Computer Security Cover Image for Volume 22, Issue 4
Research Article| October 07 2014

A study of information security awareness in Australian government organisations Available to Purchase

Kathryn Parsons;
Kathryn Parsons
Defence Science and Technology Organisation, Edinburgh, SA, Australia
Kathryn Parsons can be contacted at: kathryn.parsons@dsto.defence.gov.au
Search for other works by this author on:
This Site
PubMed
Google Scholar
Agata McCormac;
Agata McCormac
Defence Science and Technology Organisation, Edinburgh, SA, Australia
Search for other works by this author on:
This Site
PubMed
Google Scholar
Malcolm Pattinson;
Malcolm Pattinson
Business School, University of Adelaide, Adelaide, SA, Australia
Search for other works by this author on:
This Site
PubMed
Google Scholar
Marcus Butavicius;
Marcus Butavicius
Defence Science and Technology Organisation, Edinburgh, SA, Australia
Search for other works by this author on:
This Site
PubMed
Google Scholar
Cate Jerram
Cate Jerram
Business School, University of Adelaide, Adelaide, SA, Australia
Search for other works by this author on:
This Site
PubMed
Google Scholar
Author & Article Information
Kathryn Parsons can be contacted at: kathryn.parsons@dsto.defence.gov.au
Publisher: Emerald Publishing
Online ISSN: 1758-5805
Print ISSN: 0968-5227
© Emerald Group Publishing Limited
2014
Information Management & Computer Security (2014) 22 (4): 334–345.
https://doi.org/10.1108/IMCS-10-2013-0078
Purpose

– The purpose of this paper is to investigate the human-based information security (InfoSec) vulnerabilities in three Australian government organisations.

Design/methodology/approach

– A Web-based survey was developed to test attitudes, knowledge and behaviour across eight policy-based focus areas. It was completed by 203 participants across the three organisations. This was complemented by interviews with senior management from these agencies.

Findings

– Overall, management and employees had reasonable levels of InfoSec awareness. However, weaknesses were identified in the use of wireless technology, the reporting of security incidents and the use of social networking sites. These weaknesses were identified in the survey data of the employees and corroborated in the management interviews.

Research limitations/implications

– As with all such surveys, responses to the questions on attitude and behaviour (but not knowledge) may have been influenced by the social desirability bias. Further research should establish more extensive baseline data for the survey and examine its effectiveness in assessing the impact of training and risk communication interventions.

Originality/value

– A new survey tool is presented and tested which is of interest to academics as well as management and IT systems (security) auditors.

Keywords:
Information risk, Information security (InfoSec), InfoSec awareness, InfoSec behaviour, InfoSec vulnerabilities
© Emerald Group Publishing Limited
2014
You do not currently have access to this content.
Don't already have an account? Register

Purchased this content as a guest? Enter your email address to restore access.

Please enter valid email address.
Email address must be 94 characters or fewer.
Pay-Per-View Access
$41.00
Rental
This article is also available for rental through DeepDyve. Read this now at DeepDyve
1,686 Views
View Metrics
Leadership styles and information security policy compliance intentions: the mediating role of psychological empowerment
Cognitive dissonance in cybersecurity – a review and research agenda
Users’ activity logs: the good, the bad, the misconception and the disastrous
Guest editorial: HAISA 2024 special issue

Suggested Reading

Assessing information security attitudes: a comparison of two studies
Information and Computer Security (June,2016)
Information risk, cost of equity and stock returns: evidence from Iranian firms
Journal of Financial Reporting and Accounting (September,2021)
Managing information security awareness at an Australian bank: a comparative study
Information and Computer Security (June,2017)
Information risk, stock returns, and asset pricing: Evidence from China
Accounting Research Journal (November,2017)
Governance mechanism to improve sustainability report quality: the impact on information risk and stock market participation
International Journal of Quality & Reliability Management (December,2023)

Recommended for you

These recommendations are informed by your reading behaviors and indicated interests.

Cited By

Google Scholar
This Feature Is Available To Subscribers Only

or Create an Account

Close Modal
Close Modal

Gift article access

As a benefit of your subscription, you can share temporary access to restricted articles.

Each link will stop working after 30 days or 10 uses. You may create up to 10 links in a 30 day period.

Please sign in to your personal account to gift article access.

Register

Gift article access

As a benefit of your subscription, you can share temporary access to restricted articles.

Each link will stop working after 30 days or 10 uses. You may create up to 10 links in a 30 day period.

Gift articles remaining: --

Gift article access

Each link will stop working after 30 days or 10 uses. You may create up to 10 links in a 30 day period.

Gift articles remaining: --

Gift article access

As a benefit of your subscription, you can share temporary access to restricted articles.

Each link will stop working after 30 days or 10 uses.

You have reached the limit of 10 links within a 30 day period.

Sharing Unavailable

Sharing content requires targeting cookies to be enabled. Please update your cookie preferences to use this feature.