nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

The Feasibility of Raising Information Security Awareness in an Academic Environment Using SNA

verfasst von : Rudi Serfontein, Lynette Drevin, Hennie Kruger

Erschienen in: Information Security Education – Towards a Cybersecure Society

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The human aspect is one of the key success factors in information security (InfoSec). Its impact on InfoSec is so significant that multiple studies have shown that a balanced approach combining technology and security awareness is needed in order to maintain the integrity of an organisation’s security. At present, one of the methods most often used to address InfoSec awareness is to develop security awareness programmes that can be used to educate its users within an organisation. This method has several drawbacks; however, as such programmes might not be comprehensive enough, or quick enough to address newer threats. It can furthermore lead to the users developing InfoSec fatigue, which renders most attempts at improving security awareness pointless. These problems are compounded by non-traditional organisational structures, such as those found in educational institutions, where both students and staff should be made aware of information security risks on a regular basis. In order to address the potential information security awareness problem at educational institutions, this paper investigates the feasibility of using Social Network Analysis (SNA) to improve existing security awareness programmes. Following a brief introduction to SNA, two illustrative examples are offered to show that SNA presents a viable option to improve programmes for raising information security awareness in an academic environment, by allowing for the effective selection of ideal target locations.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Towards Educational Guidelines for the Security Systems Engineer

Nächstes Kapitel Factors Influencing Smartphone Application Downloads

Shillair, R., Cotten, S.R., Tsai, H.S., Alhabash, S., LaRose, R., Rifon, N.J.: Online safety begins with you and me: convincing Internet users to protect themselves. Comput. Hum. Behav. 48, 199–207 (2015)CrossRef

Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., Jerram, C.: Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Comput. Secur. 42, 165–176 (2014)CrossRef

Soomro, Z.A., Shah, M.H., Ahmed, J.: Information security management needs more holistic approach: a literature review. Int. J. Inf. Manage. 36(2), 215–225 (2016)CrossRef

Rezgui, Y., Marks, A.: Information security awareness in higher education: an exploratory study. Comput. Secur. 27(7–8), 241–253 (2008). https://doi.org/10.1016/j.cose.2008.07.008CrossRef

Byrne, Z.S., Dvorak, K.J., Peters, J.M., Ray, I., Howe, A., Sanchez, D.: From the user’s perspective: perceptions of risk relative to benefit associated with using the internet. Comput. Hum. Behav. 59, 456–468 (2016)CrossRef

Arachchilage, N.A.G., Love, S.: Security awareness of computer users: a phishing threat avoidance perspective. Comput. Hum. Behav. 38, 304–312 (2014)CrossRef

Aloul, F.A.: The need for effective information security awareness. J. Adv. Inf. Technol. 3(3), 176–183 (2012)

Chen, C.C., Medlin, B.D., Shaw, R.S.: A cross-cultural investigation of situational information security awareness programs. Inf. Manage. Comput. Secur. 16(4), 360–376 (2008)CrossRef

Thomson, M.E., von Solms, R.: Information security awareness: educating your users effectively. Inf. Manage. Comput. Secur. 6(4), 167–173 (1998)CrossRef

10.

Siponen, M.T.: A conceptual foundation for organizational information security awareness. Inf. Manage. Comput. Secur. 8(1), 31–41 (2000)CrossRef

11.

Kruger, H.A., Kearney, W.D.: A prototype for assessing information security awareness. Comput. Secur. 25(4), 289–296 (2006)CrossRef

12.

Ng, B., Kankanhalli, A., Xu, Y.: Studying users’ computer security behavior: a health belief perspective. Decis. Support Syst. 46(4), 815–825 (2009)CrossRef

13.

Tsohou, A., Karyda, M., Kokolakis, S.: Analysing the role of cognitive and cultural biases in the internalization of information security policies: recommendations for information security awareness programs. Comput. Secur. 52, 128–141 (2015)CrossRef

14.

Boksem, M.A.S., Tops, M.: Mental fatigue: costs and benefits. Brain Res. Rev. 59(1), 125–139 (2008). https://doi.org/10.1016/j.brainresrev.2008.07.001CrossRef

15.

van der Linden, D., Frese, M., Meijman, T.F.: Mental fatigue and the control of cognitive processes: effects on perseveration and planning. Acta Psychol. 113(1), 45–65 (2003). https://doi.org/10.1016/S0001-6918(02)00150-6CrossRef

16.

Furnell, S., Thomson, K.-L.: Recognising and addressing ‘security fatigue’. Comput. Fraud Secur. 2009(11), 7–11 (2009). https://doi.org/10.1016/S1361-3723(09)70139-3CrossRef

17.

Scott, J., Carrington, P.J.: The SAGE Handbook of Social Network Analysis, SAGE Publications (2011)

18.

Fu, J., Sun, D., Chai, J., Xiao, J., Wang, S.: The “six-element” analysis method for the research on the characteristics of terrorist activities. Ann. Oper. Res. 234, 17–35 (2015)MathSciNetCrossRef

19.

Philips, E., Nurse, J., Goldsmith, M., Creese, S.: Applying social network analysis to security. In: Working Papers of the Sustainable Society Network, pp. 11–27 (2015)

20.

Dang-Pham, D., Pittayachawan, S., Bruno, V.: Applications of social network analysis in behavioural information security research: concepts and empirical analysis. Comput. Secur. 68, 1–15 (2017)CrossRef

21.

Armstrong, H.L., McCulloh, I.: Organizational risk using network analysis. In: Proceedings of South African Information Security Multi-Conference (2010)

22.

Armstrong, H., Armstrong, C., McCulloh, I.: A Course Applying Network Analysis to Organizational Risk in Information Security (2010)

23.

Whitman, M.E., Mattord, H.J.: Principles of Information Security. Cengage Learning (2011)

24.

Clemente, F.M., Martins, F.M.L., Mendes, R.S.: Social network analysis applied to team sports analysis. SAST. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-25855-3CrossRef

25.

Brin, S., Page, L.: The anatomy of a large-scale hypertextual web search engine. Comput. Netw. ISDN Syst. 30(1–7), 107–117 (1998)CrossRef

26.

Freeman, L.C., Roeder, D., Mulholland, R.R.: Centrality in social networks: II. Experimental results. Soc. Netw. 2(2), 119–141 (1979)CrossRef

27.

Hanneman, R.A., Riddle, M.: Introduction to Social Network Methods. University of California (2005)

28.

Wasserman, S., Faust, K.: Social Network Analysis: Methods and Applications. Cambridge University Press, Cambridge (1994)CrossRef

29.

Borgatti, S.P.: Centrality and network flow. Soc. Netw. 27, 55–71 (2005)CrossRef

30.

Clancy, D.K., Collins, F.: Informal accounting information systems: some tentative findings. Account. Organ. Soc. 4(1–2), 21–30 (1979)CrossRef

31.

MacDonald, S.: Informal information flow and strategy in the international firm. Int. J. Technol. Manage. 11(1–2), 219–232 (1996)

32.

Duncombe, R., Heeks, R.: Enterprise across the digital divide: information systems and rural microenterprise in Botswana. J. Int. Dev. 14(1), 61–74 (2002)CrossRef

33.

CASOS, “ORA-Lite” (2018). www.casos.cs.cmu.edu/projects/ora

Titel: The Feasibility of Raising Information Security Awareness in an Academic Environment Using SNA
verfasst von: Rudi Serfontein
Lynette Drevin
Hennie Kruger
Verlag: Springer International Publishing
Buch: Information Security Education – Towards a Cybersecure Society
Print ISBN: 978-3-319-99733-9

Electronic ISBN: 978-3-319-99734-6

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-99734-6_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"