The Role and Responsibilities of End-users in Securing their Organisation's Information
By
ACKNOWLEDGEMENT
I would take this opportunity to thank my research supervisor, family and friends for their support and guidance without which this research would not have been possible.
DECLARATION
I, [type your full first names and surname here], declare that the contents of this dissertation/thesis represent my own unaided work, and that the dissertation/thesis has not previously been submitted for academic examination towards any qualification. Furthermore, it represents my own opinions and not necessarily those of the University.
Signed __________________ Date _________________
TABLE OF CONTENTS
ACKNOWLEDGEMENT
DECLARATION
CHAPTER 3: METHODOLOGY
Research Design
Research Method
Data regarding International Information Security Standards and Frameworks
(a) Information security standards
(b) Information security management standards
(c) Generally Accepted Information Security Principles (GAISP)
Systems Security Engineering - Capability Maturity Model (SSE-CMM)
CHAPTER 4: DISCUSSION AND ANALYSIS
Information Security Policy
Information security awareness
The role of end users in information security
Case Study: Information Security - Implementation of Cryptography
CHAPTER 5: RECOMMENDATIONS
(a) Developing Information Security Policy
(b) Implementing information security policy
(c) Establishment of Good Information Security Awareness
Conclusion
REFERENCES
APPENDICES
CHAPTER 3: METHODOLOGY
Research Design
Because of the nature of the topic and its specific requirements, this study is based on secondary research. The data are qualitative: no questionnaires are used, so there is no quantitative analysis, and the material is theoretical rather than numeric. The research therefore takes the form of a document review and content analysis, in which as many relevant sources as possible are reviewed and analysed, including research papers on closely related subjects. The literature covered concerns international information security standards and frameworks (e.g. ISO/IEC 27002:2005, the standards published by NIST, COBIT, the OECD guidelines, etc.). Further data are drawn from international conference proceedings, academic research papers, journals and books. This constitutes the overall research design for the study.
Research Method
First, data on the topic are collected from the sources named above to support the methodology chapter. The material gathered is restricted to what is relevant to the topic and consists mainly of research papers by various authors. All of it is theoretical, qualitative data; no quantitative data are collected, because the topic does not call for numeric values. This constitutes the overall research method for the study.
Data regarding International Information Security Standards and Frameworks
(a) Information security standards
According to Hsu (2009), information security standards are either technology-oriented or management-oriented. Technology-oriented standards are concerned with the logical and physical specifications of an information technology or a product. Examples of technology-oriented standards in information systems security are ISO/IEC 15408-1:2009 (the Common Criteria), which is used in the evaluation of the security properties of information technology products; ISO/IEC 9594-8:2005 (the X.509 public-key and attribute certificate frameworks), which specifies how information about objects is to be organised and securely exchanged; ISO/IEC 9797-1:1999, which specifies message authentication codes (MACs) built from a block cipher; ...
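To make concrete what a technology-oriented standard such as ISO/IEC 9797-1 actually specifies, the following is an added illustration (not code from the dissertation or from the standard itself) of its MAC Algorithm 1 (CBC-MAC) together with padding methods 1, 2 and 3. The standard leaves the block cipher open; to keep the example runnable with only the Python standard library it is instantiated with a toy 64-bit Feistel permutation built on SHA-256, which is an assumption of this example and not a standardised cipher. The second half of the example shows the caveat a practitioner should know: with padding method 1 and a full-length tag, Algorithm 1 admits a well-known forgery on variable-length messages, which the length-prefixing padding method 3 prevents.

```python
"""ISO/IEC 9797-1 MAC Algorithm 1 (CBC-MAC) with padding methods 1-3.

Added illustration, not part of the dissertation.  `toy_encrypt` is a TOY
Feistel block cipher used only so the code runs offline; substitute a real
block cipher (AES, 3DES) in practice.  Block and tag lengths are in bytes.
"""
import hashlib
import hmac
from typing import Callable

BLOCK = 8  # n = 64-bit block, as with DES/3DES in the original standard


def _round_fn(key: bytes, r: int, half: bytes) -> bytes:
    # Round function of the toy cipher: keyed SHA-256 truncated to 32 bits.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:4]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """16-round Feistel permutation on an 8-byte block (demonstration only)."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for r in range(16):
        f = _round_fn(key, r, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_method_1(msg: bytes) -> bytes:
    """Append as few zero bytes as needed; an empty message becomes one zero block."""
    if not msg:
        return bytes(BLOCK)
    return msg + bytes((-len(msg)) % BLOCK)


def pad_method_2(msg: bytes) -> bytes:
    """Append a single '1' bit (0x80) then zeros; always adds at least one byte."""
    out = msg + b"\x80"
    return out + bytes((-len(out)) % BLOCK)


def pad_method_3(msg: bytes) -> bytes:
    """Prepend a block holding the bit length of msg, then zero-pad the data."""
    length_block = (8 * len(msg)).to_bytes(BLOCK, "big")
    data = msg + bytes((-len(msg)) % BLOCK) if msg else b""
    return length_block + data


def mac_algorithm_1(key: bytes, msg: bytes, pad: Callable[[bytes], bytes],
                    m: int = BLOCK, enc: Callable = toy_encrypt) -> bytes:
    """H1 = e_K(D1); Hi = e_K(Di XOR H(i-1)); MAC = leftmost m bytes of Hq."""
    data = pad(msg)
    h = bytes(BLOCK)  # zero IV
    for i in range(0, len(data), BLOCK):
        h = enc(key, xor(data[i:i + BLOCK], h))
    return h[:m]


def verify(key: bytes, msg: bytes, tag: bytes, pad: Callable[[bytes], bytes]) -> bool:
    """Constant-time comparison so the verifier does not leak tag bytes."""
    return hmac.compare_digest(mac_algorithm_1(key, msg, pad, len(tag)), tag)


def forge_without_key(m1: bytes, t1: bytes, m2: bytes) -> bytes:
    """Classic CBC-MAC forgery (padding method 1, full-length tag):
    given MAC(m1) = t1 over one block, MAC(m1 || (m2 XOR t1)) == MAC(m2)."""
    assert len(m1) == len(m2) == len(t1) == BLOCK
    return m1 + xor(m2, t1)


if __name__ == "__main__":
    key = b"\x00\x01\x02\x03\x04\x05\x06\x07"      # constructed demo key
    m1, m2 = b"AMOUNT=1", b"AMOUNT=9"             # constructed single-block messages
    t1 = mac_algorithm_1(key, m1, pad_method_1)
    t2 = mac_algorithm_1(key, m2, pad_method_1)
    forged = forge_without_key(m1, t1, m2)
    print("pad 1 forgery accepted:", verify(key, forged, t2, pad_method_1))
    t2_len = mac_algorithm_1(key, m2, pad_method_3)
    print("pad 3 forgery accepted:", verify(key, forged, t2_len, pad_method_3))
```

The forgery works because with padding method 1 a block-aligned message gets no padding, so the attacker can splice two authenticated messages and cancel the chaining value. Padding method 3 binds the bit length into the first block, so the spliced message is processed under a different length block and the tag no longer matches; truncating the tag (m < n) or using a retail-MAC variant are the standard's other mitigations.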