Promoting security awareness and training within small organisations |
Information systems security is a critical issue for all organisations with a significant dependence upon information technology. However, it is a requirement that is often difficult to address, particularly within small organisations, as a result of a lack of resources and expertise. This paper identifies the need for security awareness and describes the prototype implementation of a software tool that enables individuals to pursue self-paced security training. The tool provides an environment that permits the user to simulate the introduction of security into a number of pre-defined case study scenarios. This enables staff to become familiar with the types of countermeasures available, the situations in which they are appropriate and any constraints that they may impose. This would be particularly valuable in small organisations where specialist knowledge is often scarce and issues need to be addressed by existing staff.
Furnell SM, Gennatou M, Haskell-Dowland PS (Dowland PS)