A Web based information security skills assessment prototype

Abstract

Cyber-attacks are continuously evolving to a great extent faster than cyber defences. The result is an ever-increasing frequency of attacks and the probability of success over time. To ensure employees are able to avoid or counter information security attacks directed at them and the organisation, it is necessary to carry out continuous security awareness and training, and, ensure this training is relevant to employees. Existing tools to assess information security skills among employees generally require the expertise of technical persons and are often not well tailored to an organisations’ specific needs. This study aims at developing a prototype which organisations can use to create information security skills assessments for their employees. Employees can then log in to the prototype at their convenient time and take the assessment. At the end of the assessment, each employee receives a percentage mark of their performance. Based on this percentage the employee is ranked as either beginner, intermediate or advanced and is also given a list of their weak areas based on questions they got wrong. The weak areas can be used to identify gaps and this information used to customise security awareness and training programs to meet employees’ needs. The research study adopted agile development methodology to design and develop a prototype to address identified gaps. The prototype was tested and validated to ensure it meets the intended goals and recorded impressive results.