UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

Information security awareness: Improving current research and practice

Ashenden, DM; (2015) Information security awareness: Improving current research and practice. Doctoral thesis , UCL (University College London).

Full text not available from this repository.


Large-scale data losses experienced across both public and private sector organisations have led to expectations that organisations will develop a culture that supports information security aims and objectives. Despite the fact that many organisations now run awareness, education and training programmes for their employees, however, information security incidents due to employee misuse of information still keep occurring. This suggests that these programmes are not working. The research presented in this thesis examines ways to better understand employees’ attitudes towards information security with a view to improving current organisational practice. The research explores whether Chief Information Security Officers are delivering organisational change for information security, before moving on to better understand employee’s attitudes and how these are translated into behaviours. The research takes a mixed-methods approach that is not often used in information security research and combines both qualitative and quantitative analytical methods, grounded in the theory of social psychology. Case studies are carried out with Chief Information Security Officers as well as at the Office of Fair Trading and Prudential plc. The research delivers a survey tool that can be used in organisations to better understand how to frame information security messages so that they achieve their aims. An expert panel of users evaluated the survey. The research concluded that end users fall into two groups – the ‘I Can Handle It Group’ and the ‘It’s Out of My Control Group’ and these substantive findings have been validated by a field experiment. By mirroring the attributions of the dominant group the field experiment demonstrates that it is possible to influence employees’ behaviour.

Type: Thesis (Doctoral)
Title: Information security awareness: Improving current research and practice
Language: English
Keywords: information security, awareness, behaviour change, attitudes
UCL classification: UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
URI: http://discovery.ucl.ac.uk/id/eprint/1469598
Downloads since deposit
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item