Date of Award

Spring 5-1-2005

Document Type


Degree Name

Master of Science in Information Systems (MSIS)

First Advisor

Kevin Streff

Second Advisor

Tom Farrell

Third Advisor

David Rowley


Employees are often refers to as the weakest link in an information security program. Various information security surveys state that nearly two-thirds of reported security breaches are primarily the result of human error. There is therefore the need to create a program to help increase employees information security awareness. Developing and implementing a successful security awareness program is an essential step in enhancing security within any organization. Although the weakness that people present can never be totally eliminated, a well-planned security awareness program can help to reduce the risk to an acceptable level. This research study illustrates why security awareness is so important, what it suppose to accomplish and it developed information security awareness model for small banks. In addition, the research study provides a recommendation for implementing an effective security awareness strategy. If well implemented, this program will help small banks to jump-start their security awareness program by given employees the knowledge they need to behave in a secure manner.