Information security used to be primarily a problem for governmental organizations or organizations whose operations need a high level of security to safeguard data and infrastructure. The fact that most information is now broadcast over the air and business is conducted through communication channels means that this way of life has an impact on the security of these assets. Therefore, information security issues should be treated equally to other security issues, and both of them need to be resolved simultaneously. The elements that positively or negatively affect information security awareness are then discussed in this study, with a focus on the role of organizations, senior management, and employees as well as technological and administrative security measures. As a result of this work, information security awareness has risen to the top of the security strategy and assumed paramount importance. As a result, classification of establishments and strategy planning must be done in the future while considering information security awareness.

Information Security, Security Awareness, Security Management

Dhiren R. Patel, Information Security: Theory and Practice, PHI Learning, 2008.

William E. Perry, Management Strategies for Computer Security, Butterworth Publishers, 1985.

Robert L. Braun and Harold E. Davis, Computer Fraud: Analyzing Perpetrators and Methods. The CPA Journal, ABI/INFORM Global database, 2004.

Mark Wilson, Kevin Stine, Pauline Bowen, Information Security Training Requirements: A Role- and Performance-Based Model, National Institute of Standers and Technology, 2009.

Frank D. Appunn, Computer User Security: A model Facilitating Measurement, Ph.D. thesis, Capella University, Dissertations & Theses: Full Text database, Publication No. AAT 3304130, 2008.

Harold F. Tipton and Micki Krause, Information Security Management Handbook, 6th Edition, CRC Press, 2007.

R. Casmir, a Dynamic and Adaptive Information Security Awareness (DAISA) Approach. Stockholm University Department of Computer and Systems Sciences, Royal Institute of Technology, 2005.

Robert Held, Security Awareness – Are Your Users “clued in” or “clueless”?, http://rr.sans.org/policy/sec_aware.php., 2001.

Thomas J. Bray, Security Actions during Reduction in Workforce Efforts: What to Do When Downsizing, Information system security, Vol. 11, No. 1, 2002.

G. Hinson, the True Value of Information Security Awareness. IsecT Publication, http://www.noticebored.com/html/why_awareness_.html. 2009.

ISO, Information Technology - Code of practice for information system security management, International Organization for Standardization/International Electrotechnical Commission (ISOIEC), 2005.

Dr. Gerald L. Kovacich, Edward Halibozek, the Manager's Handbook for Corporate Security: Establishing and Managing a Successful Assets Protection Program, Butterworth- Heinemann, 2003.

Mark Wilson and Joan Hash, Building an Information Technology Security Awareness and Training Program, National Institute of Standards and Technology, 2003.

Donn B. Parker, Fighting Computer Crime: A New Framework for Protecting Information, Computer Security Journal, Vol. 15, No. 4, John Wiley & Sons, 1998.

Nicholas Gaunt, Installing an Appropriate Information Security Policy, International Journal of Medical Informatics, Vol. 49, No. 1, 1998.

InfoSec Reading Room, Security Awareness: Implementing an Effective Strategy, http://www.sans.org/reading_room/papers/47/418.pdf, Sans Institute, 2002.

Richard Power, Computer Crime and Security Survey, Computer Security Issues & Trends, Vol. VIII, No.1, 2002.

The European Network and Information Security Agency (ENISA), Information security awareness in financial organizations, http:// http://www.enisa.europa.eu/doc/pdf/deliverables/is_awareness_financial_organisations.pdf, 2008.

T. Olzak, Strengthen Security with an Effective Security Awareness Program, http://adventuresinsecurity.com/Papers/Build_a_Security_Awareness_Program.pdf, Erudio Security LLC, 2006.

Mikko T. Siponen, On the Role of Human Morality in Information System Security: The Problems of Descriptivism and Non-descriptive Foundations, Proceedings of IS Security for Global Information Infrastructures, IFIP TC11 15th Annual Working Conference on Information System security, 2000.

Mikko T. Siponen, A Conceptual Foundation for Organizational Information Security Awareness, Information Management & Computer Security, Vol. 8, No.1. MCB UP Ltd, 2000.

Ronald L. Krutz and Russell Dean Vines, The CISSP Preparation Guide, John Wiley & Sons, 2002.

Telders E., Security awareness programs: a proactive approach, Computer Security Journal, Vol.7, No. 2. 1991.