Enhancing information security awareness and computer ethics for non-information technology company using integrated model

Abstract

Information security is not a major concern for a company that have minimal exposure to information technology (IT). Information Security Awareness and Computer Ethic were two important elements in securing company asset in terms information security. One of the most critical factors in information security controls identified is information security policy. The purpose of this study is to gauge the level of enforcement and effectiveness of computer ethic and information security policy from user’s perspective. This project involved three phases data collection, namely preliminary study, interview and survey. The preliminary study allows an exploratory activity through observation and informal interview session in understanding the organizational working environment and IT practices. After that, an interview with an IT manager, IT staff and ordinary user is set to understand the current IT practices in the organization. Next, a survey questionnaire is distributed randomly to all staff of the organization to gauge the level of users’ perception on the information security policy and computer ethics. Referring to the statistical data tabulated from the respondent’s feedback on the survey, more than half of the users perceived that they are unaware of security awareness practices in the organization. This study also proposed a theoretical framework model for the effectiveness of the organization’s information security policy and computer ethics. The integration framework of these security models is identified to be a useful basis for reference to the information security practitioner for non IT company.