Abstract
One of the key issues concerning IT systems is Information Security Management. One of the security objectives in the ISO/IEC 27002:2013 standard refers to information security awareness, education and training. There are many important aspects in this area, but in this paper the authors focus on people, their knowledge and their security awareness. The authors introduce a model that could illustrate organization members, their relations and their knowledge about security. The results of simulations can be used to create training plans that increase members' security awareness. Finally, the authors present a few cases in which different strategies of teaching people are tested, together with an analysis of the results. If knowledge does not change under the influence of co-workers, it is better to train those with the least knowledge.
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Niescieruk, A., Ksiezopolski, B., Nielek, R., Wierzbicki, A. (2017). How to Train People to Increase Their Security Awareness in IT. In: Park, J., Chen, SC., Raymond Choo, KK. (eds) Advanced Multimedia and Ubiquitous Engineering. FutureTech MUE 2017 2017. Lecture Notes in Electrical Engineering, vol 448. Springer, Singapore. https://doi.org/10.1007/978-981-10-5041-1_3
DOI: https://doi.org/10.1007/978-981-10-5041-1_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-5040-4
Online ISBN: 978-981-10-5041-1
eBook Packages: Engineering, Engineering (R0)