Information Security Awareness in University: Maintaining Learnability, Performance and Adaptability through Roles of Responsibility Abdul Rahman Ahlan Information Technology Division (ITD) International Islamic University of Malaysia (IIUM) Selangor, Malaysia arahman@iium.edu.my Muharman Lubis International Islamic University of Malaysia Selangor, Malaysia muharman.lubis@gmail.com Abstract— As the 21 st century approached, the current trend of technology product besides deliver the benefit on availability and accessibility on information, problem emerged regard information security. In order to analyze on how technology introduces new risks, it is necessary to discuss the technology lifecycle. Consider for instance the life cycle of technology as the diffusion of an innovation. Since technological innovations or IT solutions are being adopted to support business processes, the need to protect those IT solutions arises with its adoption. Accordingly, two important factors need much consideration in raising awareness are how organization influences significantly of end user’s attitude and how the organization has the regular assessment or evaluation to measure the effectiveness of IS awareness policy inside the organization. Keywords; information security awareness; learnability; adaptability; performance; roles of responsibility I. INTRODUCTION A tremendous amount of technology-related innovation and change has occurred over the past decade in relation for the increasing demands on the technology needs in market area. The possible causes might be several and varied, for example, sudden changes of human attitude that are not following the established information security procedures because less attention or less familiar. It could compromise organization integrity leads to bad influence internally and externally. Moreover, the lack of security procedures under determined circumstances and the lack of mechanisms to evaluate the effectiveness of the Information Security Awareness (ISA) Program, they also may lead to undesired results with unexpected consequences. Therefore, while the procedure and mechanism could be measure through several criteria or checklist, it’s different on the human attitude. The organization should manage and organize human attitude as the valuable assets accordingly to be benefit to them. Many universities are still vulnerable from exploitation especially the human attitude threats. In general, ISA concerns on the degree of user understanding towards the importance of information security that will affect the university process on how end user response and act in facing the possible weaknesses emerged. To enhance the ISA towards the user’s attitude, the comprehensive study is encouraged in terms of the user’s perception and understandings consider that each environment has the unique characteristic compared to the others. Therefore, this paper aims to bridge the gap in literature and practical by examining how human attitude as the factor influence ISA positively for supporting university’s policies. In this research, assessment process based on adjustment of current framework and prototype, which will evaluate the concept reliability in the environment. Hence, we argue that research in ISA is limited in that; it does not provide details on how to utilize the human factors to improve ISA consider human threats as greatest risk. The paper review the literature in the area briefly, justifies the methods and variable, discusses the result and limitations and concludes by discussing further research directions in the area. II. LITERATURE REVIEW Information security issue already become top priorities in various institutions and strongly related to the concept of risk. According to the Information Security Forum [4], security awareness is defined as “the extent to which organizational members understand the importance of information security, the level of security required by the organization and their individual security responsibilities and act accordingly”. Meanwhile, Siponen [10] defined security awareness as “a state where users in an organization are aware, ideally committed to, of their security mission”. Study by Tolnai and von Solms [11] suggested the use of portal to raise the awareness among the community consider that most activities right now such as online transaction, banking and service have done through Internet. He said the missing point in the ISA is comprehensive knowledge in understanding of security, privacy and safety risk to have activities through Internet that might be compromised in the wrong hands. Interestingly, he also suggested the use of graphical interface to catch the end user attention and encourage interactivity that have similar principle like previous study suggest as the solution [2][9][13]. Furthermore, assessing the perception or expectation is important in analyzing the following issues like the way behaving on the works, actual habits which influences motivation towards improvement and user concerns of responsibility. The significant changes in the organization could not be immediately; the alignment of organization goals, 246 978-1-4577-2153-3 c 2011 IEEE