1- I need it form the writer to work with me every part.
2- When he finish form every part i need to see it and discus it
3- I need to used survey to collect data form the university.
4- I upload file have the proposal i want to write about it
the structure of the thesis will be
1.1 The problem of the study.
1.2 The importance of the study
1.3 Objectives of the study
1.4 The limitations of the study, which are the difficulties faced by the researcher when writing scientific research
2- Literature review
2.1 Previous studies that the researcher relies on in his thesis.
2.2 A summary of previous studies, what they reached, and their relationship to the message
3- Methodology, and tools used in the resea
3.1 The community from which the study sample was taken
3.2 Tools used in the message, such as questionnaires, interviews, and other
3.3 The results of the researcher through this study
4- References and appendices
Table of Contents
Information security consciousness among students at Hail University
The importance of information security awareness keeps manifesting with greater technological integration. A literature review indicates that most studies focus on technological aspects and ignore the contribution of individuals and organizations. This research will review information security policies at Hail University and test a sample of students on the familiarity with the policies. Besides, participants will receive a standardized test to determine aspects of their human nature. The results of the survey will be analyzed qualitatively to attain a description of information security awareness among the students.
Information security refers to the practice of restricting unauthorized recording, disclosure, inspection, modification, disruption, and destruction of physical and digital information . This study will focus on digital information since it is the largely used medium of communication. A literature review will be conducted to establish the standing and contribution of the study. The listed objectives establish what the study intends to prove. A methodology that will be used to conduct the study is provided. It indicates the feasibility and logic of the process. The survey study will seek to establish security consciousness among students of Hail University.
Information is fundamental in the sustenance of any modern-day organization. Protecting this essential asset requires the integration of organizational, technological, and human aspects that are closely associated with people . Tsohou et al. established that folks adopt security-related knowledge and make decisions on security differently . This is because personal beliefs, perceptions, and biases significantly influence compliance with security policies. Programs for security awareness should focus on factors affecting the internalization of communicated information . According to Bellekens et al., the human factor is regarded mainly as a primary aspect of cybersecurity research . Situational and risk perception are termed as critical elements in the decision-making process. Emotional stability, propensity for risks, conscientiousness, and agreeableness affect information security awareness, while gender and age do not . Many researchers have established the growing influence of digital systems and sought to determine security awareness among people. Parsons et al. studied three features of information security decision making, namely self-reported behavior, attitude towards procedures and policies, and knowledge of procedures and policies . The aspects were examined against factors within the organization that could increase the vulnerability of information. The sample size was 500 employees, and the results suggested a link between organizational data security culture and data security decisions.
According to Ogutcu et al., software and hardware mechanisms are used to enhance the formidability of information systems . However, the systems are highly vulnerable to interference due to undesirable behaviors by humans. Compliance with information security policies requires knowledge of the policies . To increase compliance, most organizations have sought to implement programs and periodic interventions to ensure the dissemination of policies. Soomro et al. reviewed over 39 reports and found that most information security awareness studies focused on the technological framework and ignored the contribution of management . The role of management should be considered in information security management.
From the literature review, it has been established that an organization plays a huge role in the informational awareness of the employees. Besides, human nature contributes to the adherence and intake of the set policies. In this study:
|1 – Policy Objective|
The main objective of Information Security Policy is to assure and communicate the management direction and support for information security in accordance with UOH’s business requirements and relevant laws and regulations.
|2 – Policy Scope|
This policy applies to UOH, its affiliated partners or subsidiaries, including data processing and process control systems, that are in possession of or using information and/or facilities owned by UOH.
This policy applies to all UOH faculty, staff, students and third parties that are directly or indirectly employed by UOH, subsidiaries or any entity conducting work on behalf of UOH that involves the use of information assets owned by UOH.
|3 – Policy Statements|
3.1 Information Security Definition
The information asset’s availability, integrity, confidentiality, and accountability are essential to maintain UOH’s security compliance, and organization image. UOH Deanship of IT and E-Learning acknowledges the importance of ensuring information security and is committed towards supporting the information security goals and its principles.
UOH Information Security Policy’s ultimate goal is to ensure the following:
All UOH faculty, staff, students and third parties should adhere to this information security policy and the appropriate supporting policies. The following sections briefly summarize each of the policies that were developed as part of the ISMS (Information Security Management System) establishment to support the overall security posture of UOH.
These policies follow the best security practices including, but not limited to, ISO27001 standard and map to its recommendations:
1. Organization of Information Security Policy: The purpose of this policy is to establish a management framework to initiate and control the implementation of information security within the organization. This policy details the roles and responsibilities within UOH’s information security organization.
2. Asset Management Policy: The purpose of this policy is to define UOH objectives for establishing specific requirements to identify, and classify its assets; in addition to defining the acceptable use of information assets.
3. Human Resources Security Policy: The purpose of this policy is to define the requirements for the protection of UOH corporate assets from the intentional abuse, misuse, or destruction by employees and/or third parties. This can be achieved by implementing the appropriate measures in the processes of personnel hiring and release.
4. Physical and Environmental Security Policy: The purpose of this policy is to protect and preserve information, physical assets, and human assets by reducing the exposure to various physical threats that can produce a disruption or denial of information processing facilities service.
5. Communications and Operations Management Policy: The purpose of this policy is to define all the necessary controls required to protect UOH’s information assets transmitted over communication networks, and provide guidelines for the authorized use of information processing facilities.
6. Access Control Policy: The purpose of this policy is to allow authorized individuals and/or devices and to disallow unauthorized individuals and/or devices to access UOH information processing facilities. Logical and physical access controls should be considered for optimum security implementation.
7. Information Systems Acquisition, Development and Maintenance Policy: The purpose of this policy is to ensure that security is integrated throughout the lifecycle of information systems acquisitions, development and maintenance.
8. Information Security Incident Management Policy: The purpose of this policy is to develop a framework for timely and effective handling of information security incidents. The detection of potential information security incidents constitutes an action according to which it is timely identified and at the same time protects against real incidents intended to compromise the security posture of UOH.
9. Business Continuity Management Policy: The purpose of this policy is to define appropriate actions to mitigate any interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption. This includes controls, measures and precautions for disaster avoidance, procedures and instructions for recovery.
10. Compliance Policy: The purpose of this policy is to define the necessary requirements to avoid any breaches of the information security policies, laws, regulatory, contractual obligations and any security requirements.
3.2 Information Security Policy Document
[ISO 27001: A.5.1.1]
3.3 Review of the Information Security Policy
[ISO 27001: A.5.1.2]
|4 – Definitions and Terms|
All terms and acronyms used in this document are specified in the Information Security Management Systems Glossary Document.
|5 – Roles and Responsibilities|
All roles and responsibilities associated with this document are specified in the RACI Matrix Document.
|6 – Related Policies and Procedures|
The following are all related policies and procedures to this policy:
|7 – Document Owner|
Deanship of IT and E-Learning
|8 – Policy Changes, Review and Update|
|9 – Policy Enforcement / Compliance|
|10 – Policy Exceptions|
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.