A prototype tool for information security awareness and training |
Information systems security is a critical issue for all organisations with a significant
Furnell SM, Gennatou M, Haskell-Dowland PS (Dowland PS)
dependence upon information technology. However, it is a requirement that is often
difficult to address, particularly within small organisations, as a result of a lack of
resources and expertise. This paper identifies the need for security awareness and
describes the prototype implementation of a software tool that enables individuals to
pursue self-paced security training. The tool provides an environment that permits the
user to simulate the introduction of security into a number of pre-defined case study
scenarios. This enables staff to become familiar with the types of countermeasures
available, the situations in which they are appropriate and any constraints that they
may impose. This would be particularly valuable in small organisations where
specialist knowledge is often scarce and issues need to be addressed by existing staff.