Value-focused assessment of ICT security awareness in an academic environment

Abstract

Security awareness is important to reduce human error, theft, fraud, and misuse of computer assets. A strong ICT security culture cannot develop and grow in a company without awareness programmes. This paper focuses on ICT security awareness and how to identify key areas of concern to address in ICT security awareness programmes by making use of the value-focused approach. The result of this approach is a network of objectives where the fundamental objectives are the key areas of concern that can be used in decision making in security planning. The fundamental objectives were found to be in line with the acknowledged goals of ICT security, e.g. confidentiality, integrity and availability. Other objectives that emerged were more on the social and management side, e.g. responsibility for actions and effective use of resources