AN EFFECTIVE METHOD F OR INFORMATION SECURITY A WARENESS RAISING IN ITIATIVES

Increasingly, all kinds of organizations and institutionsare adopting the E-business model to conduct their activities and provide E-Services for their customers. In the process, whether they know it or not , those organizations are also opening themselves up to the risk of information security breaches. Therefore protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often underestimated. Research has shown that one of the most significant threats to information security come s not from external attack but rather from the system's users, because they are familiar with the infrastructure and have access to its resources , but may be unaware of the risks . Moreover, using only technological solutions to protect an organization’s assets is not enough; there is a need to consider the human factor by raising users’ security awareness. Our contribution to this problem is to propose an Information Security Awareness Program that aims at raising and maintainingthe level of users’ security awareness. This paper puts forward a general model for an information security awareness program and describes how it could be incorporated intoan organization’s website through the process of development life cycle.