Abstract
Security awareness is a critical issue for all organisations that depend upon information technology. However, significant survey evidence suggests that the issue is often given inadequate attention in modern organisations, leading to problems through security incidents. This paper considers various means that can be used to instil greater awareness, and argues that the most effective method is likely to be via training and awareness programmes. Unfortunately, organisational constraints often preclude the pursuit of such programmes (either in-house or externally) in a traditional manner, and a substitute is needed that can be accessed on-demand, in a self-paced manner. Thus the use of computer-based training is proposed, and the paper discusses the ongoing realisation of an appropriate training tool. The prototype provides an environment that permits the user to explore security problem scenarios, and then select appropriate countermeasures to address the issues identified. It is considered that such an approach would be suitable for promoting day-to-day security awareness for general users, and conducting more specific training for staff with greater security responsibilities.
Copyright information
© 2003 Springer Science+Business Media New York
About this paper
Cite this paper
Furnell, S.M., Warren, A.G., Dowland, P.S. (2003). Improving Security Awareness through Computer-Based Training. In: Irvine, C., Armstrong, H. (eds) Security Education and Critical Infrastructures. WISE 2003. IFIP Advances in Information and Communication Technology, vol 125. Springer, New York, NY. https://doi.org/10.1007/978-0-387-35694-5_26
DOI: https://doi.org/10.1007/978-0-387-35694-5_26
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4757-6491-8
Online ISBN: 978-0-387-35694-5
eBook Packages: Springer Book Archive