
386 Pages·2014·11.1 MB·English


COPYRIGHT STATEMENT

This copy of the thesis has been supplied on condition that anyone who consults it is understood to recognise that its copyright rests with its author and that no quotation from the thesis and no information derived from it may be published without the author’s prior consent.

Copyright © 2014 Shuhaili Talib

PERSONALISING INFORMATION SECURITY EDUCATION

by

SHUHAILI TALIB

A thesis submitted to Plymouth University in partial fulfilment for the degree of

DOCTOR OF PHILOSOPHY

School of Computing and Mathematics
Faculty of Science and Technology

January 2014

Abstract

Personalising Information Security Education
Shuhaili Talib

Whilst technological solutions go a long way in providing protection for users online, it has been long understood that the individual also plays a pivotal role. Even with the best of protection, an ill-informed person can effectively remove any protection the control might provide. Information security awareness is therefore imperative to ensure a population is well educated with respect to the threats that exist to one’s electronic information, and how to better protect oneself. Current information security awareness strategies are arguably lacking in their ability to provide a robust and personalised approach to educating users, opting for a blanket, one-size-fits-all solution. This research focuses upon achieving a better understanding of the information security awareness domain; appreciating the requirements such a system would need; and importantly, drawing upon established learning paradigms in seeking to design an effective personalised information security education.

A survey was undertaken to better understand how people currently learn about information security. It focussed primarily upon employees of organisations, but also examined the relationship between work and home environments and security practice. The survey also focussed upon understanding how people learn and their preferences for styles of learning.

The results established that some good work was being undertaken by organisations in terms of security awareness, and that respondents benefited from such training – both in their workplace and also at home – with a positive relationship between learning at the workplace and practise at home. The survey highlighted one key aspect for both the training provided and the respondents’ preference for learning styles. It varies. It is also clear, that it was difficult to establish the effectiveness of such training and the impact upon practice.

The research, after establishing experimentally that personalised learning was a viable approach, proceeded to develop a model for information security awareness that utilised the already successful field of pedagogy and individualised learning. The resulting novel framework “Personalising Information Security Education (PISE)” is proposed. The framework is a holistic approach to solving the problem of information security awareness that can be applied both in the workplace environment and as a tool for the general public. It does not focus upon what is taught, but rather, puts into place the processes to enable an individual to develop their own information security personalised learning plan and to measure their progress through the learning experience.

Contents

List of Figures
List of Tables
Abbreviations
Acknowledgement
Authors Declaration
1 Introduction
    1.1 Aim and objectives
    1.2 Thesis structure
2 A Review of Information Security Awareness and Practices
    2.1 Introduction
    2.2 The importance of information security awareness
    2.3 Information security awareness
    2.4 Security Awareness
        2.4.1 Information Security Awareness at University of Missouri and Aetna
        2.4.2 Security Awareness for Home users
    2.5 Conclusion
3 An Information Security Awareness Survey
    3.1 Purpose of the survey
    3.2 Research method
    3.3 Methodology of the survey
    3.4 Validation of the survey
    3.5 Filtering mechanism
    3.6 Survey findings
        3.6.1 Demographics
        3.6.2 Information security awareness level
        3.6.3 Information security practices at workplace
        3.6.4 Information security practices at home
        3.6.5 Effectiveness of information security training
    3.7 Conclusion
4 Education and Learning Practices
    4.1 Introduction
    4.2 Information security awareness and practices through education
    4.3 Learning styles
        4.3.1 Learning styles in adult education
        4.3.2 Human Sensory Learning Styles
        4.3.3 VARK Learning Styles
        4.3.4 Critique about learning styles
    4.4 Personalised learning
        4.4.1 Challenges in implementing personalising learning
        4.4.2 Benefits of personalising learning
    4.5 Implementation of the personalised learning
    4.6 Models of Personalised Learning
        4.6.1 Personalised Collaborative Skills for student Model (CDSM)
        4.6.2 Conceptual model for construction
        4.6.3 Personalised learning system based on Solomon Learning Style
    4.7 Conclusion
5 An Investigation into Improving Information Security Practices through Personalised Learning
    5.1 Introduction
    5.2 Methodology
        5.2.1 Research design
        5.2.2 Preliminary study report 1
        5.2.3 Preliminary study report 2
    5.3 Study on the effectiveness of learning styles upon learning information security topic (Main study)
    5.4 Results
        5.4.1 Demographics
        5.4.2 Analysis based on VARK classification
        5.4.3 Further Analysis
    5.5 Discussion
    5.6 Conclusion
6 The Personalising Information Security Education (PISE) Framework
    6.1 Introduction
    6.2 System Requirements
    6.3 PISE Model
    6.4 PISE Implementation
        6.4.1 Private PISE
        6.4.2 Public PISE
        6.4.3 PISE System Prototype
    6.5 PISE Evaluation and Discussion
    6.6 Conclusion
7 Conclusion and Future Works
    7.1 Achievements
    7.2 Limitations
    7.3 Future research
    7.4 The future of information security education
References
Appendix A
    Faculty of Technology Ethical Approval Application Form
Appendix B
    The Transferability of Information Security Knowledge Survey
Appendix C
    The First Version of Survey Questions
Appendix D
    The Survey Results
Appendix E
    Pre-test Questions Version 1
Appendix F
    Learning materials
Appendix G
    Answer Key To The Pre-test Version 1
Appendix H
    Pre-test Questions Version 2
Appendix I
    Answer Key to Pre-test Version 2
Appendix J
    Faculty of Science and Technology Ethical Approval of Research Involving Human Participants
Appendix K
    VARK Questionnaire
Appendix L
    User Experience Survey
Appendix M
    Expert Evaluation
Appendix N
    Publications

List of Figures

Figure 1 Survey respondents by age range
Figure 2 Respondents by their highest level of education
Figure 3 Respondents by their size of organisation
Figure 4 Respondents by their primary role within the organisation
Figure 5 Information security awareness level
Figure 6 Respondents by their Internet/computing skills
Figure 7 Respondents' information security awareness level and Internet/computing skills
Figure 8 Percentage of total respondents about who they think is responsible for information security tasks
Figure 9 Security term 'Phlopping' and respondents' security awareness level
Figure 10 Security term 'Whooping' and respondents' security awareness level (in percentage)
Figure 11 Security term 'Whooping' and respondents' security awareness level (in percentage)
Figure 12 Respondents by information security training provided in their organisation
Figure 13 Percentage of respondents by frequency of attending security training
Figure 14 Percentage of respondents by experienced training methods
Figure 15 Respondents by their preferences for having information security training
Figure 16 Percentage of respondents who answered 'Always' to the above statements (at workplace)
Figure 17 Percentage of respondents who answered 'Never' to the above statements (at workplace)
Figure 18 Respondents by how frequent they read about information security at home
Figure 19 Respondents by their opinion on giving personal data on the websites
Figure 20 Percentage of respondents who are using security controls at home
Figure 21 Percentage of respondents who answered 'Always' to the above statements (at home)
Figure 22 Percentage of respondents who answered 'Never' to the above statements (at home)
Figure 23 Respondents who attended training and their awareness level
Figure 24 Percentage for who respondents (received training) think is responsible for information security tasks
Figure 25 Families of learning styles (Coffield et al., 2004a)
Figure 26 A map showing the links between personalised learning, individualised learning and different approaches
Figure 27 Individual model
Figure 28 Group model
Figure 29 Collaborative model
Figure 30 PLE Prototype incorporating learning styles conceptual model
Figure 31 Structure of personalised learning system - Solomon's Learning styles based
Figure 32 Summary of study session
Figure 33 Table for VARK database October-December 2011: Distribution of preferences
Figure 34 ADDIE processes
Figure 35 Proposed PISE framework
Figure 36 Proposed PISE framework continue
Figure 37 Flowchart symbols
Figure 38 The Registration flowcharts for Private Trainee
Figure 39 Flowcharts for Private trainee
Figure 40 Flowcharts for PISE System Administrator
Figure 41 Flowcharts for PISE System Administrator (Private PISE)
Figure 42 Flowcharts for Private PISE Training Course Administrator
Figure 43 Flowcharts for Registration Public PISE Trainee
Figure 44 Flowcharts for Public Trainee
Figure 45 Flowcharts for PISE System Administrator (Public PISE)
Figure 46 Flowcharts for Public PISE Training Course Administrator
Figure 47 Screenshot for Private Trainee Registration
Figure 48 Screenshot for Public Trainee Registration
Figure 49 Screenshot for the Private and Public trainee taking pre-test
Figure 50 Screenshot for Public and Private trainee view results
Figure 51 Screenshot for Public and Private trainee view results (continue)
Figure 52 Screenshot for Public and Private trainee learning materials (Visual mode)
Figure 53 Screenshot for Public and Private Trainee download modules
Figure 54 Screenshot for Public and Private Trainee choose assessments
Figure 55 Screenshot for Public Trainee Upload modules
Figure 56 Screenshot for PISE System Administrator dashboard
Figure 57 Screenshot for PISE System Administrator Approval
Figure 58 Screenshot for PISE System Administrator to assign role to Public trainee
Figure 59 Screenshot for PISE System Administrator assign role to Private PISE trainee
Figure 60 Screenshot for PISE System Administrator Manage trainee
Figure 61 Screenshot for PISE Private Training Course Administrator assign module
Figure 62 Screenshot for Public PISE Training Course Administrator updates module
Figure 63 Screenshot for Public PISE Training Course Administrator verify assessments

List of Tables

Table 1 Classification of information security awareness mechanisms
Table 2 Comparisons of information security awareness programme at Aetna and University of Missouri
Table 3 Respondents by their organisation’s industry
Table 4 Respondents by their understanding of information security terms
Table 5 Percentage of respondents by training location
Table 6 Security topics being taught in information security training
Table 7 Respondents by sources of information security knowledge at their workplace
Table 8 Respondents by sources of information security knowledge at home
Table 9 Respondents by their personal information that made visible in social networking websites
Table 10 Respondents who said 'absolutely insecure' to put details of personal information on their social networking websites
Table 11 Respondents by training type and size of organisation
Table 12 Respondents who understand the below security terms
Table 13 Respondents by their good information security practices (based in who answered 'Always' at workplace and home)
Table 14 Respondents by their negative security practices (based on who answered 'Never' at workplace and home)
Table 15 Respondents by their good information security practices at home (based on who answered 'Always')
Table 16 Comparison of respondents by their opinion about giving personal data on websites
Table 17 Comparison of respondents who backup their data on personal computer at home
Table 18 Comparison of respondents who answered 'Yes' to the below security controls at home
Table 19 Comparison of sources of information security knowledge between workplace and home
Table 20 Comparison of the top three sources of information security knowledge at workplace and home
Table 21 Learning styles in adult education
Table 22 Time taken to complete the experiment
Table 23 Preliminary study: Comparisons of the pre and post-test results
Table 24 Participants' information
Table 25 The materials used in the study
Table 26 Time taken by participants to complete the second preliminary study
Table 27 Results for the second preliminary study
Table 28 VARK classifications and gender
Table 29 Detailed scores for Aural participants
Table 30 Detailed scores of uni-modal Read/write participants
Table 31 Detailed scores of uni-modal Kinaesthetic participant
Table 32 Detailed scores of bi-modal participants
Table 33 Detailed scores of tri-modal participants
Table 34 Detailed scores of quad-modal participants
Table 35 Detailed scores of a dyslexic participant
Table 36 Analysis of the participants' VARK and the Improvement Scores
Table 37 Detailed scores for participants who scored the highest VARK and highest improvement scores
Table 38 Detailed scores for participants who scored the second highest VARK and highest improvement scores
Table 39 Detailed score for participants scored lowest VARK and lowest improvement scores
Table 40 Detailed score for participants who has only positive improvement scores
Table 41 Detailed scores of participants with mismatched learning style
Table 42 Summary of users’ roles for Private PISE System
Table 43 Summary of users’ roles for Public PISE System

Description:
5 An Investigation into Improving Information Security Practices through Personalised Learning
Building upon the study discussed in chapter 5, chapter 6 uses the results to inform a. Personalised
This is expected since the IDS application is merely advanced as compared to other security.