International Journal of Innovative Research in Engineering & Management (IJIREM) ISSN: 2350-0557, Volume:-3, Issue: - 4, July 2016 Copyright © 2016. Innovative Research Publications. All Rights Reserved 353 Factor of Awareness in Corporate Governance Sham Sul Kamal Wan Fakeh, Julina Tajul Ariffin, Zaharudin Ibrahim, Zahari Mohd Amin, Wan Abdul Malik, Mohd Jailani Paiman, A’dillah Mustafa, Mohd Ridzuan Ibrahim, Yanti Rahayu Rambli, Juwahir Ali Faculty of Information Management, University Technology MARA (UiTM), Shah Alam, MALAYSIA ABSTRACT The research began with definitions of information, information security, and information security awareness, as identified by previous publications. The four independent variables established in this study are policy of information security, education of information security, knowledge of IT, and employee’s behaviour towards information security in the workplace. A survey was selected as a research method for the study, and was conducted in order to gain respondent’s feedback on the level of information security awareness. The survey findings showed that the level of information security awareness was considered high, but the relation or contribution factors proposed by this study were only slight correlated. Keyword Information, awareness, organization, variables, integrity I. INTRODUCTION Most of the information on security issues relies on physical devices. The device is used to guarantee the three main elements of information security. They are confidentiality, integrity, and availability. Discussion about these three elements, how equipment can protect data in the system or database, how the firewall protects to prevent outside attacks, how secure are the software or applications used to dispel hackers, and why technology cannot ensure against humans making mistakes. This forms another part of the information security issue, namely information security awareness. II. LITERATURE REVIEW Factor of awareness focuses more on the motivation of the employee in an organization to follow the policy and regulations towards the security of information in the company. An approach which is often taken to raise awareness is having a program, training, or a seminar in the workplace. The objective of awareness is to minimize human related faults (Siponen M. T., A conceptual foundation for organizational information security awareness., 2000). Several authors state that the motive of information security awareness is to define that term. It is to refer to a state where people in a company are aware of their security mission (Siponen M. T., A conceptual foundation for organizational information security awareness., 2000). For instance, it means that a company wants to secure its confidential information from its competitors. Therefore, employees should not reveal particular information to their opponents; otherwise, the level of awareness amongst staff in that company is not as good as their mission. More disturbing, is the existence of those that are complacent and ignore the issue of information security, until their behaviour leads to information leakage. Either intentionally or unintentionally, information leaks can harm a company. Without trouble, these people do not work hard for the company, hacking and stealing information, with little regard for the people in the organization itself, and this information falls into the hands of unscrupulous people easily. In 1998, Solms stated that the aim of information security is to ensure business continuity and to minimize business damage, by preventing and minimizing the impact of security incidents. Information protection usually relies on an information security plan and management, which involves humans (Kruger, Drevin, & Styen, 2010). This means that knowledge, education, and awareness, plays a role in the success of information security, to protect information in an organization. For example: When an employee does not logoff from a computer after use, unscrupulous people can steal data from the computer and use it for personal gain or to compete with that particular company. Therefore, this is the effect of a behaviour that does not consider information security matters, or in other words, does not realize the importance information security awareness. III. RESEARCH FRAMEWORK According to Stanton, Stam, Mastrangelo, & Jolton (2005), appropriate and constructive behaviour by end users, system administrators, and others, can enhance the effectiveness of information security; while inappropriate and destructive behaviour can substantially inhibit its effectiveness. An article by Thomson & Solms (1998) talked about changing human interest for information security awareness program, by using psychological principles that have been ignored by information security practices. Gordon (2010) directly determined the relationship between security awareness and security behaviour in individuals. According to Kruger & Kearney (2006), human behaviour consists of an intention to