Improving Security Awareness And Training Through Computer-Based Training |
Security awareness is a critical issue for all organisations that depend upon information technology. However, significant survey evidence suggests that the issue is often given inadequate attention in modern organisations, leading to problems through security incidents. This paper considers various means that can be used to instil greater awareness, and argues that the most effective method is likely to be via training and awareness programmes. Unfortunately, organisational constraints often preclude the pursuit of such programmes (either in-house or externally) in a traditional manner, and a substitute is needed that can be accessed on-demand, in a self-paced manner. Thus the use of computer-based training is proposed, and the paper discusses the ongoing realisation of an appropriate training tool. The prototype provides an environment that permits the user to explore security problem scenarios, and then select appropriate countermeasures to address the issues identified. It is considered that such an approach would be suitable for promoting day-to-day security awareness for general users, and conducting more specific training for staff with greater security responsibilities.
Furnell SM, Warren A, Haskell-Dowland PS (Dowland PS)