17,259 research outputs found

    Implementing an effective information security awareness program

    The aim of this project and dissertation is to develop an effective information security awareness program that can be implemented within an organization. The project starts with a literature study that focuses on the requirements for an information security awareness program, research that has already been done in this area and behavioural issues that need to be considered during the implementation of such a program. A secondary deliverable of this project is to develop a web-based security awareness program that can be used to make employees more security aware and that should complement a total security awareness program within an organization. Chapter 1 provides an overview of the problem statement, the objectives and structure of the project and dissertation, and the approach that was followed to solve the problem. In chapter 2 the concept of security awareness and the different components it consists of are defined. The difference between awareness, training, and education, and the importance of implementing a security awareness environment within an organization, will be explained. Chapter 3 discusses the ISO 17799 security standard and what it says about security awareness and the importance of employee training. The security awareness prototype that was developed as part of this study plays a role in achieving the training objective. The Attitude problem is the focus of chapter 4. In order for a security awareness program to be effective, people’s attitude towards change must be changed. It is also important to measure the behavioural change to make sure that the attitude towards change did change. The security awareness prototype is introduced in this chapter and it is mentioned that this can be used to assist an organization to achieve their security awareness goals. Chapter 5 introduces the security awareness prototype in more detail. 
This prototype is an example of a web environment that can be used to train users to a higher degree of security awareness. Chapter 6 goes into more detail about the structure of the security awareness web environment. Access control and how it is achieved is explained. The objectives of the 10 modules and the test at the end of each module are also mentioned. Links and reports can also form part of this prototype to make it a more comprehensive solution. Chapter 7 provides an overview of a case study that I researched. It focuses on research done by Hi-Performance Learning about the human factor that is involved in any training program. I explain how they succeeded in addressing this and people’s sensitivity towards change. Chapter 8 explains the importance of choosing the right course content, learning media and course structure and how this led me to develop a web-based security awareness prototype. Other mechanisms like posters and brochures that can be used as part of a comprehensive security awareness program are discussed in chapter 9. Chapter 10 concludes the dissertation by providing an overview of how the security awareness program can be implemented and managed within an organization. A summary of how the objectives of this project and dissertation were met is given at the end of this chapter. Von Solms, S.H., Prof

    The Serums Tool-Chain: Ensuring Security and Privacy of Medical Data in Smart Patient-Centric Healthcare Systems

    Digital technology is permeating all aspects of human society and life. This leads to humans becoming highly dependent on digital devices, including upon digital: assistance, intelligence, and decisions. A major concern of this digital dependence is the lack of human oversight or intervention in many of the ways humans use this technology. This dependence and reliance on digital technology raises concerns in how humans trust such systems, and how to ensure digital technology behaves appropriately. This work considers recent developments and projects that combine digital technology and artificial intelligence with human society. The focus is on critical scenarios where failure of digital technology can lead to significant harm or even death. We explore how to build trust for users of digital technology in such scenarios, considering many different challenges for digital technology. The approaches applied and proposed here address user trust along many dimensions and aim to build collaborative and empowering use of digital technologies in critical aspects of human society

    Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

    e-Science projects face a difficult challenge in providing access to valuable computational resources, data and software to large communities of distributed users. On the one hand, the raison d'etre of the projects is to encourage members of their research communities to use the resources provided. On the other hand, the threats to these resources from online attacks require robust and effective security to mitigate the risks faced. This raises two issues: ensuring that (1) the security mechanisms put in place are usable by the different users of the system, and (2) the security of the overall system satisfies the security needs of all its different stakeholders. A failure to address either of these issues can seriously jeopardise the success of e-Science projects. The aim of this paper is to firstly provide a detailed understanding of how these challenges can present themselves in practice in the development of e-Science applications. Secondly, this paper examines the steps that projects can undertake to ensure that security requirements are correctly identified, and security measures are usable by the intended research community. The research presented in this paper is based on four case studies of e-Science projects. Security design traditionally uses expert analysis of risks to the technology and deploys appropriate countermeasures to deal with them. However, these case studies highlight the importance of involving all stakeholders in the process of identifying security needs and designing secure and usable systems. For each case study, transcripts of the security analysis and design sessions were analysed to gain insight into the issues and factors that surround the design of usable security. The analysis concludes with a model explaining the relationships between the most important factors identified. 
This includes a detailed examination of the roles of responsibility, motivation and communication of stakeholders in the ongoing process of designing usable secure socio-technical systems such as e-Science. (C) 2007 Elsevier Ltd. All rights reserved

    Evaluating internal controls in a computerised works environment – a risk to audit professionals and a challenge to accountancy training providers

    Information and Computer technology (ICT) has become an integral part of any modern accounting information system. ICT, however, is a high risk discipline due to a high level of vulnerabilities and threats. A key emphasis of auditing procedures is identifying risks, fraud and errors by making inquiries of and testing internal controls within the entity in order to place some reliance on internal reports and associated management assertions. Auditors’ responsibility in identifying fraud has now been acknowledged by regulatory standards and the law. It has become critical that auditors are fully aware of the impact of ICT issues on the audit of a client’s financial statements in how ICT is used by a client to gather, process and report financial information. It is, therefore, recommended that accountancy training institutions keep pace with time and inculcate into their training more skills in ICT relevant to their field to improve on the quality of professionals. This article makes use of extensive review of literature with some empirical knowledge to aid the analysis of the available literature. Keywords: Auditors, internal control, challenges, accounting, information technology, risks, skills, training

    Integrating security and usability into the requirements and design process

    According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have targeted security from the technological perspective, others from the human–computer interaction angle, offering better User Interfaces (UIs) for improved usability of security mechanisms. However, usability issues also extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model of the definition and the reasoning over the system's assets. AEGIS has been applied to case studies in the area of Grid computing and we report on one of these

    Ethics: How to Develop Your Firm's Cybersecurity Policy

    Meeting proceedings of a seminar by the same name, held August 30, 2022

    Implementation of web-based application for self assessment of professional qualifications.

    Diploma thesis--University of Macedonia, Thessaloniki, 2019. This thesis explores self-assessment of professional qualifications in the Information and Communications Technology (ICT) sector, aiming to introduce improvements with the implementation of a new web-based application. The outcome of the research indicates applications’ functionality that provide adequacy in skills matching and job matching, however there is a gap in the verification of the employability level, as a unique characteristic that may enable professionals to compare themselves with others. More specifically, the exact point of interest is to enable professionals matching their potential for employment, against ICT professionals that hold roles that they are interested in, per geographic region. This thesis focuses on the utilization of such a functionality within a web application, and has clear benefits and implementation difficulties. This is considered as a major problem solving functionality, as it serves to rate professionals, following a rating method developed similar to the ratings provided by financial organizations that verify creditworthiness

    Suicide Education to Support Caregivers in their Abilities to Care for Suicidal Individuals

    Purpose: Suicide is a preventable act of lethality yet still remains a public health concern. Suicide can affect individuals from a variety of backgrounds and does not discriminate against age, gender, ethnicity, income, or occupation. Efforts to prevent suicide often focus on supporting the suicidal individual however there is a lack of available resources that focus on supporting those closest such as caregivers. Caregivers can play a pivotal role in their loved one’s trajectory towards recovery. The purpose of this project was to provide caregivers with a suicide toolkit that encompasses basic education, approaches to supporting a loved one who is suicidal, and community resources on prevention. Methods: This quality improvement project included information on evidenced based approaches, and local resources on suicide prevention. A total of twenty caregivers were included in this project that were divided into two separate groups: group A and group B. Ten caregivers were assigned to group A and asked to provide input as to what they felt a toolkit should encompass based on identified needs, this feedback was then used in part to develop a suicide toolkit. Group B consisted of a second set of ten caregivers who were asked to complete a pre and post questionnaire following the review of the suicide toolkit that was developed by the DNP student to see whether or not scores improved. Results: Eight out of ten caregivers from group A provided input for toolkit development. Four common themes emerged from this feedback that were included in the development of the toolkit. Ten caregivers in group B completed the pre and post questionnaire following the review of the toolkit and the means between these groups were compared and showed a slight improvement but not to the proposed 25% goal set forth. Conclusion: Post questionnaire scores showed improvement in comparison to pre questionnaire scores however several questions reflected no improvement in scores. 
This data may suggest that providing a toolkit alone does not elicit specific improvements in knowledge, confidence, competence, and perceived caring abilities, rather it can be a component of treatment. Several limitations are discussed including a small sample size used and little to no additional participant identifiers. Future recommendations include increasing the sample size and changing the phrasing of the questionnaire to better reflect caregiver experiences

    Cybersecurity & Ethics for Lawyers in Plain English

    Meeting proceedings of a seminar by the same name, held April 26, 2022