Evaluating information security awareness: the importance of information security, a case study of SME's-aerospace technology systems corporation / Norliana Mustafa

This study is concerned with information security awareness among SME (small and medium enterprise). Previous study had identified that due to the distinct characteristics of SME's, these organisations usually take a more slight approach to information security management than larger enterprises. Most SME's are not prepared to adopt and practice information security due to the lack the funds, knowledge and specialised resources. Without a proper attention for security, it can become a source of significant risks against the organisation. Information security is increasingly becomes as one of a critical elements in an organisation. Information security awareness has become one of vital elements in ensuring the security and protection of the organisations assets. Therefore, this study is to evaluate information security awareness among SME's in order to gain an understanding of the employees' information security awareness. The data gathering instruments employed in this research are questionnaires survey that will identify and evaluate information security awareness of an SME organisation. Aerospace Technology Systems Corporation (ATSC) was chosen as the subject of the study. A survey was performed which resulted in a total of 85 respondents. The assessment of this study is based on KAB (knowledge, attitude and behaviour) model and CIA (confidentiality, integrity and availability). The findings of this study present the information security awareness of the employees which indicate that employees that possess information security knowledge, attitude and behaviour (KAB) tend to have higher information security awareness in ensuring the confidentiality, integrity, and availability (CIA) of business information. Some recommendation was made to reflect areas for improvement to increase employees' information security awareness.