An Analysis of Information Security Vulnerabilities at Three Australian Government Organisations

This paper reports on a study conducted by The University of Adelaide with the support of the Defence Science and Technology Organisation, to examine information security (InfoSec) vulnerabilities caused by individuals, and expressed by their knowledge, attitude and behaviour. A total of 203 employees, from three large Australian government organisations, completed a web-based questionnaire designed to capture the knowledge, attitude and behaviour of individuals in regard to InfoSec. In conjunction with this employee questionnaire, qualitative interviews were conducted with a small number of senior management employees from each of the three organisations. Overall, the questionnaire results indicated that employees from all three organisations had reasonable levels of awareness of InfoSec vulnerabilities. Analysis of the qualitative interviews revealed that management not only had an accurate understanding of their employees’ InfoSec awareness, but were able to recognise vulnerable areas that required further attention and improvement, such as the appropriate use of wireless technology, the reporting of security incidents and the use of social networking sites.