Information security awareness measuring model - A case study of Nairobi Stock Exchange systems

Abstract

Information Security awareness initiatives are seen as critical to any information security programme. Organizations are highly dependent on information management and processes and this creates a level of security alert. Statistics show that most security breaches are the result of insider misconduct, as opposed to hacking by outsiders. Often this insider misconduct is the result of ignorance rather than malfeasance. (Rhodes, 2015) It is therefore important to train users on the importance of information security and follow the policies that are in place to protect that data from theft, loss or damage. This training creates another level of defense for an organization. The research problem was that despite the fact that NSE conducted information security awareness programs to its users; there was lack of a model to measure whether the information security awareness was at an acceptable level on its users. This was deemed to be the weakest link in this security control measure. The objectives of this research were to; establish techniques used to impart information systems security awareness and their effectiveness and also to establish the extent to which NSE measure their information systems security awareness levels. However, the main question was how to determine the effectiveness of these awareness initiatives. Does awareness training have a direct influence on the security behavior of individuals, and what is the direct benefit of awareness training? The research presented a theory-based literature review of the approaches used within Nairobi Stock Exchange Automated Trading System users‘ on information security awareness. And to what extent does information security awareness training influence information security behavior? From the validations, it can be stated that the study was a success. Further study on the field is highly encouraged to explore other possibilities in this field of Information Security awareness.