A baseline for information security knowledge for end users
- Authors: Boshoff, Ryno
- Date: 2012
- Subjects: Data protection -- Management , Computer security -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9808 , http://hdl.handle.net/10948/d1013260
- Description: Information plays a vast contributing role to all resources within an organisation. Organisations should recognise the importance of information and implement information security controls to protect their information as this will ensure that the organisation’s information retains its confidentiality, integrity and availability. Information security controls, which are the means of managing information risks, rely heavily on the user’s knowledge regarding the use of these controls for their effectiveness, and as such, users should be educated in order to maximise effectiveness of these controls. Current information security educational programmes are created without necessarily taking into account the target audience, who comprises of all employees, stakeholders, suppliers, third parties, customers or other external parties or third party that requires access to the organisation’s information. This results in programmes that are not linguistically appropriate; or that present knowledge at an inappropriate level for the target audience. This could leave users bored or confused, without successfully changing their behaviour or improving knowledge. This dissertation identifies a baseline for information security knowledge targeted at end users. This was done by means of a Delphi Study, where a profile of “generic” end users comprised of information security topics and concepts were rated by experts from the field of information security education. This resulted in the elimination of inappropriate topics and concepts and retaining the relevant and appropriate aspects. This baseline for information security knowledge can be characterised as a minimum standard that everybody should be educated on as an introductory or refresher course. This can also serve as the foundation phase to educate end users with knowledge of the basic topics and concepts to enable them to fulfil their responsibilities in order to protect information.
If needed, topics and concepts could be added to the baseline for information security knowledge for specialised target audiences (e.g. specialised End Users, ICT Staff or Top Management).
- Full Text:
- Date Issued: 2012
A brain-compatible approach to the presentation of cyber security educational material
- Authors: Reid, Rayne
- Date: 2012
- Subjects: Data protection -- Management , Computer security -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9819 , http://hdl.handle.net/10948/d1019895
- Description: Information is an extremely important asset in modern society. It is used in most daily activities and transactions, and, thus, the importance of information is acknowledged by both organisational and private home information users. Unfortunately, as with any asset, there are often threats to this asset and, therefore, an information security solution is required to protect information against potential threats. Human beings play a major role in the implementation and governing of an entire information security process and, therefore, they have responsibilities in this regard. Thus, the effectiveness of any information security solutions in either an organisational or a private context is dependent on the human beings involved in the process. Accordingly, if these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in the information security solutions and, thus, it is essential that all these information users be educated in order to combat any threats to the information security. Many of the current information security education programmes and materials are not effective, possibly because the majority of these current approaches have been designed without using a sound pedagogical theory. In addition, many of these programmes also only target organisational users. This, in turn, is problematic as information security education is required by everybody, organisational and private information users alike. This dissertation addressed the lack of a pedagogical basis in the designing of information security educational courses suited to an extremely broad target audience. Accordingly, the dissertation set out to demonstrate how a pedagogy, which is broadly used and accepted for a diverse target audience of learners, could be applied to the design of the presentation of a web-based cyber security educational course.
- Full Text:
- Date Issued: 2012