International Journal of Innovative Research in Computer Science & Technology (IJIRCST) ISSN:2347-5552, Volume-2, Issue -3, May 2014 93 INFORMATION SECURITY AWARENESS IN CORPORATE GOVERNANCE Sham Sul Kamal Wan Fakeh, Mohd Sazili Shahibi, Adnan Jamaludin, Wan Ab Kadir Wan Dollah, Muhammad Kharulnizam Zaini, Yamin Kamis, Ahmad Soufien Othman. Abstract — The matrix analysis of the literature review in this study succeeded in producing factors that contribute to information security awareness. Information security awareness plays an important role in the continuity of an organization. Information security refers to the elements of confidentiality, integrity, and availability, of data or information, in an organization. The research began with definitions of information, information security, and information security awareness, as identified by previous publications. The four independent variables established in this study are policy of information security, education of information security, knowledge of IT, and employee’s behaviour towards information security in the workplace. A survey was selected as a research method for the study, and was conducted in order to gain respondent’s feedback on the level of information security awareness. The survey findings showed that the level of information security awareness was considered high, but the relation or contribution factors proposed by this study were only slight correlated. Keyword: Information Security, awareness, organization, variables, integrity I. INTRODUCTION These days, many organizations are interconnected through their Information Technology (IT) systems, for an easier and faster sharing of data for work, study, and communications, and many other routine human tasks. This may result in an information security risk for an organization (Solms R. v., 1998). The disruption of information security will kill the main purpose of this sophisticated technology, hinder the smooth operation of an organization, make users feel suspicious and traumatised, and could cause losses to the organizations involved. Manuscript received May 14, 2014. Sham Sul Kamal Wan Fakeh, Faculty of Information, University Teknologi (UiTM) Mara Shah Alam, Selangor Malaysia, 019-6038522, 03-79622143 (e-mail: shamsul@salam.uitm.edu.my) Mohd Sazili Shahibi, (e-mail: mohdsazili@salam.uitm.edu.my), Adnan Jamaludin, UiTM(e-mail: adnanj@salam.uitm.edu.my), Wan Ab Kadir Wan Dollah (e-mail: wkadir@salam.uitm.edu.my), Muhammad Khairulnizam Zaini (e-mail: nizam0374@salam.uitm.edu.my), Yamin Kamis (email: Yamin36@salam.uitm.edu.my) Ahmad Soufiean Othman (email: ahmadsoufiean@salam.uitm.edu.my) . Most of the information on security issues relies on physical devices. The device is used to guarantee the three main elements of information security. They are confidentiality, integrity, and availability. Discussion about these three elements, how equipment can protect data in the system or database, how the firewall protects to prevent outside attacks, how secure are the software or applications used to dispel hackers, and why technology cannot ensure against humans making mistakes. This forms another part of the information security issue, namely information security awareness. II. LITERATURE REVIEW According to Boyce & Jennings (2002), security awareness occurs when a user understands the security policies, procedures, and practices, in order for them to make sound judgments when a potential security issue occurs, in the absence of further guidance. Information security awareness focuses more on the motivation of the employee in an organization to follow the policy and regulations towards the security of information in the company. An approach which is often taken to raise awareness is having a program, training, or a seminar in the workplace. The objective of awareness is to minimize human related faults (Siponen M. T., A conceptual foundation for organizational information security awareness., 2000). Several authors state that the motive of information security awareness is to define that term. It is to refer to a state where people in a company are aware of their security mission (Siponen M. T., A conceptual foundation for organizational information security awareness., 2000). For instance, it means that a company wants to secure its confidential information from its competitors. Therefore, employees should not reveal particular information to their opponents; otherwise, the level of awareness amongst staff in that company is not as good as their mission. More disturbing, is the existence of those that are complacent and ignore the issue of information security, until their behaviour leads to information leakage. Either intentionally or unintentionally, information leaks can harm a company. Without trouble, these people do not work hard for the company, hacking and stealing information, with little regard for the people in the