A Holistic Evaluation Model for Information Security Awareness Programs in Work Environment

被引:0
|
作者
Alharbi, Talal [1 ]
机构
[1] Univ Jeddah, Cybersecur Dept, Coll Comp Sci & Engn, Jeddah, Saudi Arabia
来源
2023 EIGHTH INTERNATIONAL CONFERENCE ON MOBILE AND SECURE SERVICES, MOBISECSERV | 2023年
关键词
compliance; policy; awareness; human factors; security culture;
D O I
10.1109/MOBISECSERV58080.2023.10329041
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
Cybersecurity Awareness (CSA) programs play an crucial role in avoiding the human errors that lead to cyberattacks. Traditional CSA programs depends on self-reporting methods to assess the employees knowledge and behavior. However, relying on self-reporting methods may yield in inaccurate measurements and pose challenges in monitoring the change and improvement in employees behavior and compliance. In this paper, we propose a novel framework to assess the employees' behavior, by passive and active techniques that collect data from different sources. Our proposed method supports Machine Learning (ML) for data analysis to identify security risky behavior and recommend the most effective program to each group of employees based on their needs.
引用
收藏
页数:4
相关论文
共 50 条
  • [41] Holistic Approach for Governing Information System Security
    Spremic, Mario
    WORLD CONGRESS ON ENGINEERING - WCE 2013, VOL II, 2013, : 1242 - 1247
  • [42] Information Environment Security
    Waltzman, Rand
    PROCEEDINGS OF THE 20TH ACM SIGKDD INTERNATIONAL CONFERENCE ON KNOWLEDGE DISCOVERY AND DATA MINING (KDD'14), 2014, : 1521 - 1521
  • [43] Model for Sharing the Information of Cyber Security Situation Awareness between Organizations
    Kokkonen, Tero
    Hautamaki, Jari
    Siltanen, Jarmo
    Hamalainen, Timo
    2016 23RD INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS (ICT), 2016,
  • [44] The Enemy Within: A Behavioural Intention Model and an Information Security Awareness Process
    Gundu, Tapiwa
    Flowerday, Stephen V.
    2012 INFORMATION SECURITY FOR SOUTH AFRICA (ISSA), 2012,
  • [45] IGNORANCE TO AWARENESS: TOWARDS AN INFORMATION SECURITY AWARENESS PROCESS
    Gundu, T.
    Flowerday, S. V.
    SAIEE AFRICA RESEARCH JOURNAL, 2013, 104 (02): : 69 - 79
  • [46] Building an awareness-centered information security policy compliance model
    Koohang, Alex
    Anderson, Jonathan
    Nord, Jeretta Horn
    Paliszkiewicz, Joanna
    INDUSTRIAL MANAGEMENT & DATA SYSTEMS, 2019, 120 (01) : 231 - 247
  • [47] Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system
    Hepp, Shelanne L.
    Tarraf, Rima C.
    Birney, Arden
    Arain, Mubashir Aslam
    HEALTH INFORMATION MANAGEMENT JOURNAL, 2018, 47 (03) : 116 - 124
  • [48] Prevention is better than cure! Designing information security awareness programs to overcome users' non-compliance with information security policies in banks
    Bauer, Stefan
    Bernroider, Edward W. N.
    Chudzikowski, Katharina
    COMPUTERS & SECURITY, 2017, 68 : 145 - 159
  • [49] Exploring role of moral disengagement and counterproductive work behaviours in information security awareness.
    Hadlington, Lee
    Binder, Jens
    Stanulewicz, Natalia
    COMPUTERS IN HUMAN BEHAVIOR, 2021, 114
  • [50] Value-focused assessment of information communication and technology security awareness in an academic environment
    Drevin, Lynette
    Kruger, Hennie
    Steyn, Tjaart
    SECURITY AND PRIVACY IN DYNAMIC ENVIRONMENTS, 2006, 201 : 448 - +
12345