Tjaart Steyn - Academia.edu
Papers by Tjaart Steyn
Information Security Education for a Global Digital Society, 2017
It is widely accepted that healthcare information security is extremely important and that security breaches will have serious consequences in many areas. Despite controls, such as legal frameworks, as well as ongoing research projects into healthcare information security and privacy, there is still an alarming number of healthcare information security breaches reported annually. In this paper, a linguistic approach, utilizing a vocabulary test, is proposed as a tool to determine security awareness levels of healthcare workers and to assist in educating them in security awareness aspects. A vocabulary-measuring instrument was developed and distributed to healthcare workers in a large South African hospital group. Results indicated that information security awareness levels are generally acceptable, but that potential problem areas exist between certain language groups, as well as between different business functions (departments). The study also shows that the proposed approach may offer significant advantages in information security awareness campaigns.
The dependence on human involvement and human behavior to protect information assets makes it necessary to have an information security awareness program to make people aware of their roles and responsibilities towards information security. The aim of this paper is to examine the feasibility of an information security vocabulary test as an aid to assess awareness levels and to help with the identification of suitable areas or topics to be included in an information security awareness program. The use of such a vocabulary test is illustrated and results obtained suggest that information security awareness vocabulary tests are useful and should be considered when planning and developing an information security awareness program.
Computer Science and Information Systems provide support to fields that are developing and changing at a breathtaking pace. It appears, however, that there is still uncertainty regarding this discipline (or these disciplines). Hence this attempt to take a closer look at the disciplines. According to Thomson and Strickland (1993:55), the aim of situation analysis is to determine those features of an enterprise's internal and external environment that most directly influence its strategic alternatives and opportunities. I will not adhere strictly to the more formal prescriptions for situation analysis and strategic planning. Nevertheless, an attempt is made to highlight certain features and trends regarding the role of "Information Technology" (IT) at universities. 1.1 Simplified schematic representation of a (modern) computer: Computers are found in almost all our offices and in a large percentage of our homes. People such as Bill Gates are indeed working (perhaps for more material reasons) towards a situation of a computer in every home and on every desk. Few people, however, are familiar with the actual composition of a computer. The main components of a computer are briefly indicated next. [Figure: input units, output units.] The figure above represents the main components of a computer in a simplified manner: • By means of the input units, data, programs, etc. can be entered into the computer. Examples of input units include: keyboard, scanner, mouse, etc.
Linear programming is commonly used for solving complex problems in various fields, including dietetics. Expert systems use expertise and inference procedures to solve problems that require advanced expert knowledge and are also applied to health-related problems. Over the years many variations and facets of the diet problem and other related problems have been solved by means of linear programming techniques as well as expert systems. In this research, an expert system was created for the purpose of solving multiple facets of the diet problem, by creating a rule-based inference engine consisting of goal programming and multi-objective linear programming models. The program was successfully applied to cases specific to South African teenage girls, which were obtained through system development. The resulting system compiles an eating plan for a girl that conforms to the nutritional requirements of a healthy diet, includes the personal food preferences of the girl, and consists of food items that result in the lowest total cost. The system also allows prioritization of the food preference and least cost factors by means of weighted priorities.
ORiON, 2015
The method introduced in this paper extends the trim-loss problem, also known as 2D rectangular SLOPP, to the multiple sheet situation where N same size two-dimensional sheets have to be cut optimally producing demand items that partially or totally satisfy the requirements of a given order. The cutting methodology is constrained to be of the guillotine type and rotation of pieces is allowed. Sets of patterns are generated in a sequential way. For each set found, an integer program is solved to produce a feasible or sometimes optimal solution to the N-sheet problem if possible. If a feasible solution cannot be identified, the waste acceptance tolerance is relaxed somewhat until solutions are obtained. Sets of cutting patterns consisting of N cutting patterns, one for each of the N sheets, are then analysed for optimality using criteria developed here. This process continues until an optimal solution is identified. Finally, it is indicated how a given order of demand items can be totally satisfied in an optimal way by identifying the smallest N and associated cutting patterns to minimize wastage. Empirical results are reported on a set of 120 problem instances based on well-known problems from the literature. The results reported for this data set of problems suggest the feasibility of this approach to optimize the cutting stock problem over more than one same size stock sheet. The main contribution of this research shows the details of an extension of the Wang methodology to obtain and prove exact solutions for the multiple same size stock sheet case.
IFIP International Federation for Information Processing, 2007
Identity theft is an emerging threat in our networked world and more individuals and companies fall victim to this type of fraud. User training is an important part of ICT security awareness; however, IT management must know and identify where to direct and focus these awareness training efforts. A phishing exercise was conducted in an academic environment as part of an ongoing information security awareness project where system data or evidence of users' behavior was accumulated. Information security culture is influenced by, amongst other aspects, the behavior of users. This paper presents the findings of this phishing experiment where alarming results on the staff behavior are shown. Educational and awareness activities pertaining to email environments are of utmost importance to manage the increased risks of identity theft.
2011 Information Security for South Africa, 2011
An information security awareness program is regarded as an important instrument in the protection of information assets. In this study, the traditional approach to an information security awareness program is extended to include possible cultural factors relating to people from diverse backgrounds. The human factor, consisting of two closely related dimensions, namely knowledge and behaviour, plays a significant role in the field of ICT security. In addition, cultural factors also impact on the security knowledge and behaviour of people as cultural differences may manifest themselves in different levels of security awareness. An information security vocabulary test was used to assess the level of awareness pertaining to the two human dimensions, knowledge and behaviour, amongst students from two different regional universities in South Africa. The objective is to determine whether cultural differences among students have an effect on their ICT security awareness levels. Results obtained suggest that certain cultural factors such as mother tongue, area where you grew up, etc., do have an impact on security awareness levels and should be taken into consideration when planning and developing an information security awareness program.
IFIP Advances in Information and Communication Technology, 2013
Development and integration of technology give organisations the opportunity to be globally competitive. However, the potential misuse of Information Technology (IT) is a reality that has to be dealt with by management, individuals and information security professionals. Numerous threats have emerged over time in the networked world, but so have the ways of alleviating these risks. However, security problems are still imminent, as highlighted by the plethora of media articles and research efforts. The insider risk is stated as being around 80% of security threats [1] in a company. With this statistic in mind, management has to plan how to allocate resources to counteract the risks. Very often, simple measures such as good password behaviour are overlooked or not rated high enough to include in all security awareness programmes. This paper will focus on a study that assesses password management of future IT professionals. It will be demonstrated how management and educators can use these results to focus their efforts in order to improve users' password practices and thereby enhance overall IT security.
IFIP International Federation for Information Processing
The aim of this paper is to introduce the approach of value-focused thinking when identifying information and communications technology (ICT) security awareness aspects. Security awareness is important to reduce human error, theft, fraud, and misuse of computer assets. A strong ICT security culture cannot develop and grow in a company without awareness programmes. How can personnel follow the rules when they don't know what the rules are? [1] This paper focuses on ICT security awareness and how to identify key areas of concern to address in ICT security awareness programmes by making use of the value-focused approach. The result of this approach is a network of objectives where the fundamental objectives are the key areas of concern that can be used in decision making in security planning.
IFIP — International Federation for Information Processing
Email communication is growing as a main method for individuals and organizations to communicate. Sadly, this is also an emerging means of conducting crime in the cyber world, e.g. identity theft, virus attacks, etc. The need for improving awareness of these threats amongst employees is evident in media reports. Information security is as much a people issue as a technology one. This paper presents a description and results of an email awareness experiment that was performed amongst staff from a South African university. It is shown how management can use these results to focus and improve ICT awareness.
Journal of Information Privacy and Security, 2008
ORiON, 2014
This paper is concerned with wastage reduction in constrained two-dimensional guillotine-cut cutting stock problems, often called trim loss problems. A number of researchers report in the literature on algorithmic approaches to find exact solutions for the trim loss problem. Alternative heuristic functions are investigated and applied to the modified Wang method. This involves the sharpening of underestimates used in the method's heuristic function. Two aspects of these solution approaches are considered and some empirical results are given. The first part considers the feasibility to construct more informed heuristic functions. The second part investigates the role of more informedness on the computational cost of these search processes.
"The state of information security as a whole is a disaster, a train wreck". This view is given by Forte and Power (2007) describing the state of information security towards the end of the first decade of the 21st century. Amongst solutions offered, the view that security programs have to be holistic is proposed, indicating that technical controls are of little value without the workforce understanding the risks of their irresponsible behavior. Another solution proposed by them is the role of awareness and education. All levels of users should be targeted, letting them understand their role and responsibility in information security. Password-related behavior is often highlighted as a key component of information security
Interactive Technology and Smart Education, 2011
Purpose: Acquiring computer skills is more important today than ever before, especially in a developing country. Teaching of computer skills, however, has to adapt to new technology. This paper aims to model factors influencing the success of the learning of computer ...
Information Management & Computer Security, 2010
Purpose: The dependence on human involvement and human behavior to protect information assets necessitates an information security awareness program to make people aware of their roles and responsibilities towards information security. The purpose of this paper is to examine the feasibility of an information security vocabulary test as an aid to assess awareness levels and to assist with the identification of suitable areas or topics to be included in an information security awareness program. Design/methodology/approach: A questionnaire has been designed to test and illustrate the feasibility of a vocabulary test. The questionnaire consists of two sections – a first section to perform a vocabulary test and a second one to evaluate respondents' behavior. Two different class groups of students at a university were used as a sample. Findings: The research findings confirmed that the use of a vocabulary test to assess security awareness levels will be beneficial. A significant relationship...
Computers & Security, 2007
Security awareness is important to reduce human error, theft, fraud, and misuse of computer assets. A strong ICT security culture cannot develop and grow in a company without awareness programmes. This paper focuses on ICT security awareness and how to identify key areas of concern to address in ICT security awareness programmes by making use of the value-focused approach. The result of this approach is a network of objectives where the fundamental objectives are the key areas of concern that can be used in decision making in security planning. The fundamental objectives were found to be in line with the acknowledged goals of ICT security, e.g. confidentiality, integrity and availability. Other objectives that emerged were more on the social and management side, e.g. responsibility for actions and effective use of resources.