When discussing internal security incidents, of
course they involve attacks on the people inside the
organisation such as the employee, contractor, or
third party support technician who can run the
software and or make a change that has negative
impacts to the organisation [10]. From the three
resources of internal security incidents, this paper
will focus on the employees in organisations who
are responsible in running the business process in
their daily work routines and also can be
categorised as human factor issues which is also
emphasised in this paper.
Therefore, the purpose of this paper is to
investigate the relationship between human factors,
information security, knowledge and knowledge
management. It also plans to develop a clear
definition of information security knowledge that
can be used to guide employees in implementing
information security practices within organisations.