Information security awareness: System administrators and end-user perspectives at Florida State University

Researchers have explored the potential of using various approaches in order to reduce the number of security breaches caused by system users. The approaches can be categorized into technology and non-technology approaches. Technology approaches advocate the use of technological tools or integrating a variety of technologies during system design in order to address security issues. Non-technology approaches advocate the use of other means such as good user interface design and user education in order to reduce security breaches.;The research described in this thesis considers non-technical approaches. It specifically evaluates system administrator and user perceptions of information security practices and user awareness at Florida State University. The study involves system administrators and end users. Data for this research was collected by surveying and interviewing system administrators; in addition, documents such as such security policies, training materials and email alerts were reviewed. End user data was collected by using a questionnaire.;The aim of the system administrators' survey was to collect preliminary information about user awareness. Then follow up interviews were used to determine the perceptions of system administrators regarding non-technical approaches to security and their views about the user's role in security. Although interview results showed that system administrators placed more emphasis on external and technical threats than on internal and non-technical threats due to different factors including availability of resources, attitude toward users, and satisfaction with technological tools, in general results from system administrators showed that system administrators are more likely to engage effectively in user awareness if such barriers to user awareness are addressed.;The second part of the study surveyed end users. The aim of the survey was to collect information about end users' general information vulnerability, awareness and practices. Findings from user surveys showed that users need user awareness education for them to be able to protect themselves against security attacks.;The results of this study have increased understanding of the problems that hinder nontechnical approaches to security. The fact that user practices have been shown to correlate with security awareness suggests that it is time to consider human factors.