A Web based information security skills assessment prototype
Abstract
Cyber-attacks are continuously evolving to a great extent faster than cyber defences. The result is an ever-increasing frequency of attacks and the probability of success over time. To ensure employees are able to avoid or counter information security attacks directed at them and the organisation, it is necessary to carry out continuous security awareness and training, and, ensure this training is relevant to employees. Existing tools to assess information security skills among employees generally require the expertise of technical persons and are often not well tailored to an organisations’ specific needs. This study aims at developing a prototype which organisations can use to create information security skills assessments for their employees. Employees can then log in to the prototype at their convenient time and take the assessment. At the end of the assessment, each employee receives a percentage mark of their performance. Based on this percentage the employee is ranked as either beginner, intermediate or advanced and is also given a list of their weak areas based on questions they got wrong. The weak areas can be used to identify gaps and this information used to customise security awareness and training programs to meet employees’ needs. The research study adopted agile development methodology to design and develop a prototype to address identified gaps. The prototype was tested and validated to ensure it meets the intended goals and recorded impressive results.
Collections
Related items
Showing items related by title, author, creator and subject.
-
E-government security: information security management model for public administration in Kenya
Oyieyo, William O. (Strathmore University, 2010-06)Information security in e-government in public administration in Kenya has not been adequately addressed. In order to develop an Information Security Management Model for Public Administration in Kenya, a questionnaire ... -
E-government security : information security management model for public administration in Kenya
Oyieyo, William Odongo; Ateya, Ismail (Dr.) Supervisor -
Information technology in medical research improving the security of medical research information. a case study of Kenya Medical Research Institute (KEMRI)
Lelei, Linda Chelagat (Strathmore University, 2010)This research describes the current status of the security of medical research information with the focus on Kenya Medical Research Institute (KEMRI) and how to improve it. Currently, there are no adequate security protection ...