Abstract:

The role and importance of information security policy is gaining its popularity in many large organisations. However, this is not the case for SMEs as developing and adopting information security policy requires a lot of time and resources (Doherty & Fulford, 2005). Lack of awareness, thus, exposes organisation to significant risk in ensuring security and protection of organisational assets. This paper reports awareness of information security at a SME in Malaysia. The research aims to establish among employees, 1) awareness of information security, 2) the relationship between knowledge, attitude and behaviour and information security awareness. A survey questionnaire was used to collect data about information security awareness. Partial-least square was used for data analysis. The findings present information security awareness of employees indicating attitude and behaviour found to be significantly influence confidentiality, integrity, and availability (CIA) of business information.