Information Security Awareness in Public Administrations

Government digital agendas worldwide go hand in hand with the digital transformation in businesses and public administrations as well as the digital changes taking place in society. Information security (IS) and awareness (ISA) must be an integrated part of these agendas. The goal of IS is to protect information of all types and origins. Here, the employees play a necessary and significant role in the success of IS, and the entire staff of an institution need to know about their specific roles and be aware of the information security management system (ISMS). As there are still fundamental strategic deficiencies in the institutions themselves, humans should not be called “the weakest link” in the security chain. Rather, sustainable awareness-raising and training for people should be established in the institutions using interactive, authentic, and game-based learning methods. Psychological studies show the great importance of emotionalization when communicating IS knowledge and the reliable exchange of experience about IS. However, in many institutions, a change in culture is becoming necessary. IS must be integrated into all (business) processes and projects, and viable safeguards must be included. This chapter summarizes the most important scientific findings and transfers them to the practice of public administrations in Germany. Moreover, it shows examples of learning methods and provides practical assistance for IS sensitization and training

Passphrase and keystroke dynamics authentication: security and usability

It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation

The impact of work environment, individual characteristics, training design and motivation on training transfer to the work: the case of Saudi Arabian Public Security Organisation

The aim of this empirical study was to find out the impact of work environment, individual characteristics, training design and motivation on training transfer to the work in the context of public security. Methodology included a cross sectional questionnaire survey administered to a stratified convenience sample of 500 officers of Public Security Organisation in Saudi Arabia. The effective response rate was 70.2% (351 useable surveys returned out of 500 surveys administered). Data were analysed by running frequencies, descriptive statistics and exploratory factor analysis and structural equation modelling. Results showed that participants’ learning motivation was statistically significantly determined by peer support (β = .311, p = .000), training retention (β = .197, p = .027), goal orientation (β = .163, p = .036) and self-efficacy (β = .158, p = .047). Statistically significant predictors of transfer motivation were learning motivation (β = .401, p = .000), peer support (β = .224, p = .003), training retention (β = .176, p = .021) and self-efficacy (β = .152, p = .028), feedback (β = -.159, p = .014) and openness to change (β = -.147, p = .020). Statistically significant determinants of training transfer were training design (β = .318, p = .000), training retention (β = .313, p = .000), transfer motivation (β = .177, p = .008) and supervisor support (β = .146, p = .018). Training transfer to the work in the context of public security is positively affected by work environment, individual characteristics, training design and motivation factors but a negative association between transfer motivation and performance feedback and openness to change suggest a review of these factors in the context of public security organisations