Faculty of Technology, 2008
The principal research objective of the thesis is to survey the current reality of information security awareness among the personnel of the Finnish Open Universities in the light of recent theory. The thesis mainly follows the theoretical-empirical research method, with some influence from the case research method. The theory part of the thesis progresses from an abstract level towards more concrete issues. First, we discuss the principles of information security and introduce privacy and legislation concerning the subject area of the thesis. Second, we examine the human factor in information security, the possible risks brought by the personnel, and the preventive method, information security training.
The level of users' information security awareness is influenced by several interlocking organizational, technological and individual factors. Users' awareness behavior and motivation are influenced by information security management, social norms and interactions at the workplace, as well as personal factors such as knowledge, attitude and values. In addition, the level of information security awareness in an organization is greatly dependent on the extent of information security training. Training has to be continuous and originate from the top management.
The results of this thesis give reason to presume that the level of information security awareness among the personnel of Open Universities in Finland is fairly low. The two major possible security threats are trustfulness and carelessness of the employees. In addition, the foundation for information security awareness at the Finnish Open Universities is weak, as information security training is rarely provided for the personnel.
Information security, Open University, information security awareness