In a knowledge economy where growth is dependent on the quality and accessibility of information, traditional lock and key security methods are simply inadequate in protecting an organisation and its data.
According to RMIT Vietnam Lecturer Duy Dang-Pham, organisations need a strong information security (InfoSec) culture, in addition to its more technical InfoSec strategies.
Dr Duy, along with senior researchers Professor Karlheinz Kautz, Dr Siddhi Pittayachawan and Dr Vince Bruno from the School of Business IT & Logistics at RMIT University in Melbourne, have recently completed a research project focused on social relations and their effect on information security (InfoSec).
“We’ve found that employees increase their information security awareness as a result of increased socialising with colleagues who have a high awareness of InfoSec issues,” said Dr Duy, who teaches in RMIT Vietnam’s School of Science & Technology.
“In other words, information security is contagious.”
The group’s research project investigated the creation of an InfoSec climate inside a large Vietnamese company.
“The partnership between the academics and the organisation allowed for a practical research project with immediate impact,” he said.
“We took part in the design and implementation of structural changes to improve InfoSec awareness among the staff of the enterprise.
“The project started with internal training on information security issues and identifying the key influencers in the InfoSec culture within the workplace. These influencers are staff members of different levels or roles, and who were informally providing information security advice across the network.”
The researchers analysed the perception of security issues among the employees as well as their social relationships and socialising patterns such as advice sharing.
This analysis allowed Dr Duy and his team to chart the changes in perception and socialising patterns over a period of three months, and track the changes that occurred.
“Staff who already have high awareness of information security can play a crucial role in elevating the organisation’s InfoSec culture, simply through social influence,” Dr Duy concluded.
The group’s research “Explaining the Development of Information Security Climate and an Information Security Support Network: A Longitudinal Social Network Analysis” has been published in the Australasian Journal of Information Systems.
Story: Matt Kelly