A Holistic Evaluation Model for Information Security Awareness Programs in Work Environment

被引:0
|
作者
Alharbi, Talal [1 ]
机构
[1] Univ Jeddah, Cybersecur Dept, Coll Comp Sci & Engn, Jeddah, Saudi Arabia
来源
2023 EIGHTH INTERNATIONAL CONFERENCE ON MOBILE AND SECURE SERVICES, MOBISECSERV | 2023年
关键词
compliance; policy; awareness; human factors; security culture;
D O I
10.1109/MOBISECSERV58080.2023.10329041
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
Cybersecurity Awareness (CSA) programs play an crucial role in avoiding the human errors that lead to cyberattacks. Traditional CSA programs depends on self-reporting methods to assess the employees knowledge and behavior. However, relying on self-reporting methods may yield in inaccurate measurements and pose challenges in monitoring the change and improvement in employees behavior and compliance. In this paper, we propose a novel framework to assess the employees' behavior, by passive and active techniques that collect data from different sources. Our proposed method supports Machine Learning (ML) for data analysis to identify security risky behavior and recommend the most effective program to each group of employees based on their needs.
引用
收藏
页数:4
相关论文
共 50 条
  • [21] EFFECTIVE SECURITY PROGRAMS START WITH AWARENESS
    WEBER, A
    DATA MANAGEMENT, 1985, 23 (11): : 34 - 35
  • [22] A comprehensive holistic model for evaluation and acceptance analyses of information services: The Information Service Evaluation (ISE) model
    Schumann, Laura
    Stock, Wolfgang G.
    INFORMATION-WISSENSCHAFT UND PRAXIS, 2014, 65 (4-5): : 239 - 246
  • [23] A Network Security Situational Awareness Model Based on Information Fusion
    Abasi
    ADVANCES IN MECHATRONICS, AUTOMATION AND APPLIED INFORMATION TECHNOLOGIES, PTS 1 AND 2, 2014, 846-847 : 1632 - 1635
  • [24] Enhancing Information Security Education and Awareness: proposed characteristics for a Model
    Amankwa, Eric
    Loock, Marianne
    Kritzinger, Elmarie
    2015 SECOND INTERNATIONAL CONFERENCE ON INFORMATION SECURITY AND CYBER FORENSICS (INFOSEC), 2015, : 72 - 77
  • [25] Information Security Policy Compliance: The Role of Information Security Awareness
    AL-Omari, Ahmad
    El-Gayar, Omar
    Deokar, Amit
    AMCIS 2012 PROCEEDINGS, 2012,
  • [26] Mind the Threat! A Qualitative Case Study on Information Security Awareness Programs in European Banks
    Bauer, Stefan
    Chudzikowski, Katharina
    AMCIS 2015 PROCEEDINGS, 2015,
  • [27] Information Security Service Branding - beyond information security awareness
    Rastogi, Rahul
    von Solms, Rossouw
    IMSCI'11: THE 5TH INTERNATIONAL MULTI-CONFERENCE ON SOCIETY, CYBERNETICS AND INFORMATICS, VOL I, 2011, : 55 - 60
  • [28] Investigating Information System Security Policy and Awareness Training Programs in South African Organizations
    Makhudu, Ambrocia Boitumelo
    Mavetera, Nehemiah
    Mavetera, Chipo
    INNOVATION VISION 2020: SUSTAINABLE GROWTH, ENTREPRENEURSHIP, AND ECONOMIC DEVELOPMENT, VOLS 1-4, 2012, : 1870 - 1882
  • [29] Holistic security: The integration of information and physical security as an element of homeland security
    Hamilton, Caroline
    Computer Security Journal, 2003, 19 (01): : 35 - 40
  • [30] An Analysis of Assessment Approaches and Maturity Scales used for Evaluation of Information Security and Cybersecurity User Awareness and Training Programs: A Scoping Review
    Muronga, Khangwelo
    Herselman, Marlein
    Botha, Adele
    Da Veiga, Adele
    2019 SECOND INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING APPLICATIONS 2019 (NEXTCOMP 2019), 2019,
12345