Constructivist approach to information security awareness in the Middle East

Abstract

This paper studies the application of an approach to enhance information security awareness amongst employees within middle-eastern companies, in effort to improve information security. We aim at surveying the current attitudes and awareness levels of 116 employees in 22 companies towards information security. Two companies, from the group of companies, opted to implement a sample of the new approach which was developed based on a highly-employee centered methodology that is constructivist in nature. The approach aims to benefit the employees at different levels as it effects and encourages employee learning autonomy. The significant findings and results of this study were: (1). 91% of the employees in the case-study preferred the new approach (constructivist ISA) as opposed to current approaches conducted by their own companies. (2). 94% of the employees surveyed were dissatisfied with their companies' current information security programs, which were not interactive but completely passive in nature. © 2010 IEEE.