32 research outputs found

    Determinants that affect information security awareness and behavior: A systematic literature review

    In today’s digital age, it is crucial for all organizations to manage their information systems security. This makes them potentially endangered by actions of employees and users. So there is a need of investing more on security related issues; one of them is giving attention for the human i.e. the social aspect of security. This paper critically analyzes the different literatures using a systematic literature review technique using PRISMA search protocol concerning the determinants which most affect information security awareness and behavior. The information security training or education has given more emphasis than behavior and attitude. Then after identifying those determinants, it filters out the areas further study is needed which includes information security knowledge and care. It is determined that employee information security awareness and conduct are highly influenced by information security training, attitude, and behavior. Due to the choice of search criteria and/or databases, some pertinent papers may not have been included in this literature review so as to the study focus on developing nations. The factors that affect employees' information security tasks and initiatives must be determined for future stud

    Implementation of IT Security Awareness under the ISO 27001 Security Standard at the BPJS Ketenagakerjaan Purwakarta Branch Office

    Abstract—The implementation of IT Security Awareness is an important factor in organizations, companies and government institutions today because the threat of data-leak attacks continues. This also makes clear the need to address employees' low awareness in improving the security of company data and information, including at the BPJS Ketenagakerjaan Purwakarta Branch Office. Therefore, efforts are needed to improve the implementation of IT Security Awareness among BPJS Ketenagakerjaan employees, in the hope of increasing employees' awareness and understanding of the importance of implementing IT Security Awareness using the ISO 27001 security standard. The proposed study uses a qualitative method that describes research to measure the level of awareness of employees of the BPJS Ketenagakerjaan Purwakarta branch by conducting a test of the employees' understanding of the implementation of IT Security Awareness with the ISO 27001 security standard. The implementation of IT Security Awareness therefore also aims to make employees more careful about the security of their own personal data and company data. This paper is motivated by the steps being taken to improve the implementation of IT Security Awareness at the BPJS Ketenagakerjaan Purwakarta Branch Office.

    Automated Java Challenges' Security Assessment for Training in Industry - Preliminary Results

    Secure software development is a crucial topic that companies need to address to develop high-quality software. However, it has been shown that software developers lack secure coding awareness. In this work, we use a serious game approach that presents players with Java challenges to raise Java programmers' secure coding awareness. Towards this, we adapted an existing platform, embedded in a serious game, to assess Java secure coding exercises and performed an empirical study. Our preliminary results provide a positive indication of our solution's viability as a means of secure software development training. Our contribution can be used by practitioners and researchers alike through an overview on the implementation of automatic security assessment of Java CyberSecurity Challenges and their evaluation in an industrial context.

    Automated Java challenges' security assessment for training in industry: Preliminary results

    Secure software development is a crucial topic that companies need to address to develop high-quality software. However, it has been shown that software developers lack secure coding awareness. In this work, we use a serious game approach that presents players with Java challenges to raise Java programmers' secure coding awareness. Towards this, we adapted an existing platform, embedded in a serious game, to assess Java secure coding exercises and performed an empirical study. Our preliminary results provide a positive indication of our solution's viability as a means of secure software development training. Our contribution can be used by practitioners and researchers alike through an overview on the implementation of automatic security assessment of Java CyberSecurity Challenges and their evaluation in an industrial context.

    Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry

    Secure coding guidelines are essential material used to train and raise awareness of software developers on the topic of secure software development. In industrial environments, since developer time is costly, and training and education is part of non-productive hours, it is important to address and stress the most important topics first. In this work, we devise a method, based on publicly available real-world vulnerability databases and secure coding guideline databases, to rank important secure coding guidelines based on defined industry-relevant metrics. The goal is to define priorities for a teaching curriculum on raising cybersecurity awareness of software developers on secure coding guidelines. Furthermore, we do a small comparison study by asking computer science students from university on how they rank the importance of secure coding guidelines and compare the outcome to our results

    Evaluation of IT Security Perception

    Information Technology security is an important issue that companies ensure by using technical solutions most of the time. However, protection cannot be completely beneficial unless the human factor is considered carefully. Technical solutions are successful together with non-technical solutions, such as security education/training programs which target users. These activities are planned to improve knowledge of users and improve their secure behavior through increasing information security awareness about IT security. In this study IT security perception, awareness and behavior are evaluated together so as to understand how employees perceive IT security according to their professions from the point of IT security literacy. Furthermore, results are compared with global information security surveys to expand the understanding

    Cybersecurity Games for Secure Programming Education in the Industry: Gameplay Analysis

    To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study

    CyberSecurity Challenges: Serious Games for Awareness Training in Industrial Environments

    Awareness of cybersecurity topics, e.g., related to secure coding guidelines, enables software developers to write secure code. This awareness is vital in industrial environments for the products and services in critical infrastructures. In this work, we introduce and discuss a new serious game designed for software developers in the industry. This game addresses software developers' needs and is shown to be well suited for raising secure coding awareness of software developers in the industry. Our work results from the experience of the authors gained in conducting more than ten CyberSecurity Challenges in the industry. The presented game design, which is shown to be well accepted by software developers, is a novel alternative to traditional classroom training. We hope to make a positive impact in the industry by improving the cybersecurity of products at their early production stages. Comment: Preprint accepted for publication at the 17. Deutscher IT-Sicherheitskongress. arXiv admin note: substantial text overlap with arXiv:2102.0534

    Design of secure coding challenges for cybersecurity education in the industry

    To minimize the possibility of introducing vulnerabilities in source code, software developers in the industry may attend security awareness and secure coding training. One promising novel approach to raise awareness is to use cybersecurity challenges in a capture-the-flag event. In order for this to be effective, the types of challenges must be adequately designed to address the target group. In this work we look at how to design challenges for software developers in an industrial context, based on survey given to security experts by gathering their experience on the field. While our results show that traditional methods seem to be adequate, they also reveal a new class of challenges based on code entry and interaction with an automated coach.