Assessment of need and method of delivery for information security awareness program
Source: Information security curriculum development
Proceedings of the 3rd annual conference on Information security curriculum development
Kennesaw, Georgia
SESSION: Practice
Pages: 102 - 108  
Year of Publication: 2006
ISBN:1-59593-437-5
Author
Wasim A. Al-Hamdani  Kentucky State University, Frankfort, KY
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 30,   Downloads (12 Months): 182,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1231047.1231069

ABSTRACT

This paper assesses the quantity of information security awareness programs needed at Kentucky State University as a first step, and then the model is generated for a larger population. The model used is based on various levels of education and a randomly selected sample space. The model is also based on two assessments: the first focuses on information security in general, while the second assessment covers the following topics:

Data classification

Security job role

Awareness programs

Spam and virus knowledge

Social engineering

The sample space was randomly selected from a population of about 49,640 in Franklin County [5], and the results were then generalized for larger populations. The results show that there is a real need for information security awareness programs for the general public. However, the research also shows that a large number of instructors is needed per 1000 of population to start the public information security awareness program. These primary results have been examined from two different aspects: the first as "in-class delivery" and the second as "out-class delivery". The research points out that the results for in-class delivery are unrealistic; hence we must focus on out-class awareness programs.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
[1] NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems
[2] NIST Special Publication 800-12, An Introduction to Computer Security: The NIST Handbook (Handbook)
[3] NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems (Principles and Practices)
[4] NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems (Planning Guide)
[5]
[6]
[7] SP 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model
[8]
[9] NSTISSI No. 4011, 20 June 1994, National Training Standard for Information System Security (INFOSEC) Professionals
[10] NSTISSI No. 4012, August 1997, National Training Standard Designated Approving Authority (DAA)
[11] NSTISSI No. 4013, August 1997, National Training Standard System Administrators in Information System Security (INFOSEC)
[12] NSTISSI No. 4014, August 1997, National Training Standard Information Security Officers (ISSO)
[13]
[14] NIST Special Publication 800-50, Building an Information Technology Security Awareness and Training Program
[15]
[16] NIST Special Publication 800-16
[17]
[18]
