Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.594784
Title: Personalising information security education
Author: Talib, Shuhaili
ISNI:       0000 0004 5348 3069
Awarding Body: University of Plymouth
Current Institution: University of Plymouth
Date of Award: 2014
Availability of Full Text:
Access from EThOS:
Access from Institution:
Abstract:
Whilst technological solutions go a long way in providing protection for users online, it has been long understood that the individual also plays a pivotal role. Even with the best of protection, an ill-informed person can effectively remove any protection the control might provide. Information security awareness is therefore imperative to ensure a population is well educated with respect to the threats that exist to one’s electronic information, and how to better protect oneself. Current information security awareness strategies are arguably lacking in their ability to provide a robust and personalised approach to educating users, opting for a blanket, one-size-fits-all solution. This research focuses upon achieving a better understanding of the information security awareness domain; appreciating the requirements such a system would need; and importantly, drawing upon established learning paradigms in seeking to design an effective personalised information security education. A survey was undertaken to better understand how people currently learn about information security. It focussed primarily upon employees of organisations, but also examined the relationship between work and home environments and security practice. The survey also focussed upon understanding how people learn and their preferences for styles of learning. The results established that some good work was being undertaken by organisations in terms of security awareness, and that respondents benefited from such training – both in their workplace and also at home – with a positive relationship between learning at the workplace and practise at home. The survey highlighted one key aspect for both the training provided and the respondents’ preference for learning styles. It varies. It is also clear, that it was difficult to establish the effectiveness of such training and the impact upon practice. The research, after establishing experimentally that personalised learning was a viable approach, proceeded to develop a model for information security awareness that utilised the already successful field of pedagogy and individualised learning. The resulting novel framework “Personalising Information Security Education (PISE)” is proposed. The framework is a holistic approach to solving the problem of information security awareness that can be applied both in the workplace environment and as a tool for the general public. It does not focus upon what is taught, but rather, puts into place the processes to enable an individual to develop their own information security personalised learning plan and to measure their progress through the learning experience.
Supervisor: Clarke, Nathan Sponsor: Ministry of Higher Education Malaysia
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.594784  DOI: Not available
Keywords: Information security awareness ; Information security education
Share: