As information security becomes increasingly important, high-level management's security awareness is a significant factor in the success of organizational information security activities. Hence, the aim of this research is to explore how organizational information security activities are influenced by high-level management's security awareness, and to use the information security standard BS7799 to evaluate the execution phase of organizational information security. Combining literature research, a case study and the main security codes of BS7799, this paper proposes a conceptual model that relates high-level management's security awareness, organizational information security activities and the organizational information security standard to each other. We conclude that the greater high-level management's awareness of industry risks, of the implementation of security measures and of the threats to organizational security, the more it facilitates the four information security activities of deterrence, prevention, detection and recovery, and the more it enhances the standard of organizational information security. In practice, this paper hopes to remind high-level management to be aware of the threats of human factors and to strengthen risk evaluation and deterrence activity.
Sun, Szu-Yuan; Yeh, Ya-Chic; Sun, Pei-Chen; and Lan, Ming-Yan, "An Exploratory Study of the Relationship among the High-level Management’s Security Awareness, Organizational Information Security Activities, and the Execution Level of Organizational Information Security" (2003). ICEB 2003 Proceedings (Singapore). 68.