Informationssäkerhetsmedvetenhet : Hur kan små och medelstora företag inom tillverkningsindustrin arbeta för att öka informationssäkerhetsmedvetenhet hos anställda

Sammanfattning: Information security awareness among employees is something all organizations work with, and which must be constantly improved as new threats arise. The manufacturing industry is particularly vulnerable as they have recently begun to move towards a data-intensive industry. The purpose of the study is to investigate how small and medium-sized companies in the manufacturing industry can increase their knowledge and awareness of information security. The study is conducted via semi-structured interviews which then underwent a thematic analysis. The study describes the information security controls used in the manufacturing industry and in which way organizations use them to make employees information security aware. Information security managers describe the motives behind their choice of information security controls and how they adapt the training to increase information security awareness among employees. The employees describe how they feel that the information security controls work and how they could be changed. The study's conclusion contributes with recommendations for how organizations should proceed in order to make their employees aware of information security in the most effective way. The study also clarifies structural attributes that must be considered when introducing information security controls. The authors also draw attention to the importance of a simplified language within the organization, but also that it is important to create a safe work environment where employees can present incidents without feeling humiliated.