Comparison between Personal and Network Firewalls

By





ACKNOWLEDGEMENT

I would take this opportunity to thank my research supervisor, family and friends for their support and guidance without which this research would not have been possible.

DECLARATION

I, [type your full first names and surname here], declare that the contents of this dissertation/thesis represent my own unaided work, and that the dissertation/thesis has not previously been submitted for academic examination towards any qualification. Furthermore, it represents my own opinions and not necessarily those of the University.

Signed __________________ Date _________________



ABSTRACT

Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. This study created a series of information security training videos that were viewed by four groups of managers. The questionnaire was provided to IT staff employed in various organisations in order to obtain an appropriate feedback. Each group was shown the video, and after this viewing, each group's values toward information security were ascertained and converted into security objectives following Keeney (1992)'s value-focused thinking approach. The results thus obtained, indicate that manager's objectives towards information security are affected by the nature and scope of the information security training they receive. The theoretical contribution of this research states that technically oriented information security training found in corporations today affects manager's values and security objectives to a large extent. The practical contribution of this research states that managers should receive socio-technical information security training as a part of their regular job training. The methodological contribution of this research demonstrates the successful use of the value-focused thinking approach as the input to the ranking of the Delphi methodology. Therefore, these were the steps that were followed to obtain findings in this research.

TABLE OF CONTENTS

ACKNOWLEDGEMENTII

DECLARATIONIII

ABSTRACTIV

CHAPTER 1: INTRODUCTION1

Background of the Study1

Problem Statement2

Research Aims and Objectives2

Rationale of the study3

CHAPTER 2: LITERATURE REVIEW4

2.1 Introduction4

2.2 Background7

2.3 Socio-technical Security7

2.4 Information Security Policy16

2.5 Information Security21

CHAPTER 3: METHODOLOGY31

3.1 Interview and Questionnaire Procedure31

3.2 Value-Focused Thinking33

3.3 Research Design35

CHAPTER 4: DISCUSSION AND ANALYSIS38

4.1 Analysis of the IT Staff's response from the Questionnaire38

4.2 Training Video Creation44

4.2.1 Technical Group Training Video44

4.3 Data Collection45

4.3 Discussion46

4.4 Conclusion46

CHAPTER 5: CONCLUSION48

5.1 Overview of the Research48

5.2 Limitations50

5.3 Future Research Directions51

REFERENCES52

APPENDICES60

LIST OF CHARTS, FIGURES AND TABLES61

CHAPTER 1: INTRODUCTION

Background of the Study

This research investigated how different kinds of information security training affect the nature and scope of information security policies within a firm. Maximizing information security within an organization starts with the creation of information security policies. They are the security objectives for protecting the firm's information systems. For example, many firms have security policies regarding acceptable computer use, e-mail, and passwords. Information security training, also known as security awareness training, is a method of educating all employees on how best to protect the firm's information systems. For example, employees may learn about viruses and worms, or how to recognize phishing e-mails. The goal is for employees to utilize what they learned in training in real-time working, so that the organization ...