Awareness has been defined as conscious ideology of an issue or existence of broad subject matter (DTI, 11). This means not simply knowing about a subject but having the ability to interpret the subject and recognize the consequences of use of the subject. An individual must have some idea of the "working life to which an issue relates" in order to hold awareness of an issues (DTI, 10). Knowledge on the other hand requires "Theoretical or practical understanding of a subject" (DTI, 10). Knowledge suggests that an employee must demonstrate a clear understanding of the detailed provisions of a certain subject or situation (DTI, 11).
Using this interpretation it seems not enough that organizations evaluate employee awareness of issues, but rather than organizations must also test employee knowledge of business information systems. This is because by nature knowledge carries more weight and seems a stronger force than simple awareness. Employees may for example demonstrate that they are aware of a business information system but not have any knowledge of how it works or how it relates to the organizational system as a whole.
When measuring awareness and knowledge it is also vital for organizations to sue assessments other than a respondent's own assessment of their knowledge or awareness as such individual assessments may be tainted or not verifiable (DTI, 12). Rather, an organization should develop a systematic method of assessing awareness or knowledge to truly understand the level that employees understand a subject (business information systems) and can use it effectively (DTI, 12).
Business Information Systems and Employee Awareness
Relatively few studies have actually examined the relationship information systems and employee awareness of them have on organizational structure (Earl, 1998). There is however a growing interest by researchers and organizations alike to examine the relationship that exists between information technology systems and organizational structure (Earl, 1998).
Organizational structure however is "one of the key variables affecting how firm's strategies are implemented" thus analysis of organizational structure may be a critical determinant of organizational performance (Earl, 1998). An ability of a firm to compete depends on its ability to learn (Earl, 1998) which is in part a reflection of how aware employees are of organizational structure and how well they understand information technology and systems within the organization.
Types of Training Necessary
Studies suggest that the best way to overcome problems associated with business information failures is to train employees in best practices. Employees must not only understand the function of information systems and their relevance to the organization, but also must understand the risks associated with improper use or negligence. The best types of programs involve proactive intrusion prevention programs and systems, which include central security measures and employee awareness of security measures (such as antivirus software and firewalls) (Coe, 2005). Yet another study shows that "75% of organizations find that lack of user awareness damages security program's effectiveness' (Coe, 2). Employees and other end users are in fact an important link in the computer information system security process, yet many are unaware of this.
One way to mitigate concerns may be through creation of task forces which can include IT members, HR, marketing, internal communications and employees (Coe, 2005). These task forces can work on continuous improvement and ensure that employees are continually trained and informed of changes in information technology processes. Because the field of information management is so dynamic, changes, often within short intervals, are often inevitable. The more continuous improvement that exists, the more likely an organization is to successfully adopt efficient and productive business practices.
Key Features of Awareness Program
It is important that an awareness program is based on time tested procedures or processes. Organizations must decide what techniques and methods will work best for their organization based on a number of factors, including the industry the organization is in, the size of the organization, the organizational culture, the type of business information systems in use and the resources available to an organization (Coe, 2005).
For an organization to implement an effective awareness program it must first conduct an internal security audit so that management and security team members can gain insight into the current state of security awareness within an organization (Coe, 2005). This audit should review existing security policies, "the level or employee awareness" and any additional security systems in place (Coe, 3).
Other features of a successful program must include easy to understand computer use policies and enforceable ones (Coe, 2005). A policy must be incorporated into organizational culture and the environment and make use of any existing security force in place (Coe, 2005). Organizations should also work to garner feedback from employees regarding training, delivery method ad the perceived importance of a security program (Coe, 2005).
Employees must also become aware that business information systems are more than just technologically intelligent systems. There are many benefits employees and organizations stand to gain from using business information systems to their fullest. They are a "means to growing a business organization" and require among other things "vision, money and patience into their development and implementation" (Thierauf, 2001). A full understanding of information systems enable employees and managers to gain valuable insights regarding customers, transactions, suppliers and business functioning (Thierauf, 2001). Measuring awareness involves determining whether employees understand what steps are necessary to keep an organization functioning optimally in the present and in the future (Thierauf, 2001). It also entails gathering the necessary information to develop training programs that will result in a better understanding of knowledge, information and data in the organization necessary to manage the organization efficiently from day-to-day (Thierauf, 4).
Currie & Galliers (1999) propose a methodological approach to measuring awareness that entails eliciting factual information about social phenomena. From that perspective the researcher proposes using second order questions that are designed not simply to measure factual information however, but to put that information into conceptual context and clarify the subject rather than simply state facts (Currie & Galliers, 1999). The questions the researcher aims to answer in this study include whether measuring awareness offers companies competitive advantage and whether organizations understand the concept of measuring awareness and the potential security risks lack of awareness within an organization entails.
Specifically the researcher is focusing inquiry on business information systems awareness and knowledge within the organization. To answer these questions the researcher has embarked on a qualitative investigation of the literature available with respect to awareness and business information systems. Specifically the researcher analyzed previous studies and best practices related to information system technology use and employee training in its use. The author also attempt to understand how organizational systems are inextricably linked through information systems, employees and proper training systems.
Hoctor & Thierauf (2003) suggest that more and more business information systems are enabling organizations to optimize operations in an increasingly dynamic work environment. Information technology also changes from day-to-day and decision makers are increasingly faced with a need to educate employees about information systems including security threats and enable employees to better respond to customer needs using information systems (Hoctor & Thierauf, 2003). Organizations are also increasingly using information systems to enable and improve decision making capability in the hopes that they will optimize business transactions (Hoctor & Thierauf, 2003).
Despite the increasing relevance of business information systems studies suggest that time and time again organizations fail to assess employee competence and understanding of information technology in the workplace. Beyond the point of basic recognition of such systems many employees do not realize how information technology benefits the workplace and what risks are associated with use of information systems. Such lack of knowledge can be devastating to the organization.
It is important that organizations begin realizing the importance of not simply promoting employee awareness, but also knowledge acquisition for business information systems. Multiple factors may contribute to awareness and knowledge within the organization. Psychological theories have long attempted to identify patterns or methods of knowledge acquisition (DTI, 13). These include association and interest, which may contribute to awareness and a desire to learn. It is often easier for organizations to measure knowledge than it is for organizations to measure awareness, simply because awareness is a much more abstract concept less based on factual or concrete techniques or methods than assessing knowledge skills (DTI, 13). Self-assessed levels of knowledge and awareness may also be much different than actual levels of knowledge and understanding within the organization.
Study after study suggests that organizational systems will benefit when employees are aware of their use and potential problems associated with misuse including security breaches. A majority of problems that occur within the organizational context may be attributed to user error. This is part of the reason knowledge and awareness are so important within an organization.
The proper level of awareness within an organization is 100% awareness among employee, even if not all employees have 100% knowledge of business information systems. A variety of techniques can be used to ascertain the knowledge base of an…