THE FILTER MODEL OF INFORMATION SECURITY - A CONCEPTUAL-MODEL FOR EDUCATION AND TRAINING

Cited by: 0
Authors
SMITH, AR
Institution
Source
COMPUTER SECURITY | 1993 / Vol. 37
Keywords
COMPUTER AND INFORMATION SCIENCE EDUCATION; SECURITY AND PROTECTION;
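DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract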
This paper reviews existing models of information security, and examines their limitations when used in education and training at a conceptual level. A new model of security, the filter model, is then presented and explained. The filter model is based on the premise that each action that may be taken to improve the security of information systems is limited in its effect. In particular each action will only reduce the vulnerability to some security threats, and not to others. While this is recognised by supporters of all security models, it is the key concept on which the filter model is founded, thus setting this model apart from other common models. The filter model proposed in this paper goes further to include two levels of effectiveness, and uses a matrix presentation to summarise predicted effectiveness. The model as presented in this paper is at a high level of generality, with only five categories of security action and seven categories of threat being considered. While this level is consistent with the principal purpose of the model as a means of introducing the concepts of information security, the same structure could easily be used at a more detailed level. An outline is given of a survey designed to test the validity of the filter model, and the results of this survey are analysed in relation to the filter model as presented.
Pages: 75-89
Number of pages: 15