论文信息 - DSAPE - Dynamic Security Awareness Program Evaluation

DSAPE - Dynamic Security Awareness Program Evaluation

This paper addresses the importance of continuously evaluating an organization's awareness program and provides guidelines that will help organizations assess their efforts, extending the authors' work in [1]. The proposed methodology evaluates an awareness program considering the most common and essential methods used for delivering awareness material. Key awareness-related processes and accompanying quantitative metrics are identified, along with a methodology for dynamically evaluating the metrics and the overall awareness program as a whole. A software tool is developed, to facilitate the deployment and maintenance of the assessment methods and to formalize their aggregation and evaluation. An organization's security awareness posture is modelled as a dynamic system and the awareness level is calculated and monitored through time via Event Calculus. Furthermore, the tool can be deployed in a multi-agent form, to enable its use by organizations operating through remote offices and distributed locations.

[1] John J. McCarthy,et al. The Rule Engine for the Java Platform , 2008 .

[2] Hatzivasilis Georgios,et al. Multi-Agent Distributed Epistemic Reasoning in Ambient Intelligence Environments , 2011 .

[3] Theodore Tryfonas,et al. Life-logging in smart environments: Challenges and security threats , 2012, 2012 IEEE International Conference on Communications (ICC).

[4] Dimitris Plexousakis,et al. DECKT: Epistemic Reasoning for Ambient Intelligence , 2011, ERCIM News.

[5] Klaus-Peter Zauner,et al. Artificial Wet Neuronal Networks from Compartmentalised Excitable Chemical Media , 2011, ERCIM News.

[6] Erik T. Mueller,et al. Commonsense Reasoning , 2006, Qualitative Representations.

[7] Reijo Savola,et al. A Novel Security Metrics Taxonomy for R&D Organisations , 2008, ISSA.

[8] Charalampos Manifavas,et al. How Effective Is Your Security Awareness Program? An Evaluation Methodology , 2012, Inf. Secur. J. A Glob. Perspect..

[9] E. Davis,et al. Common Sense Reasoning , 2014, Encyclopedia of Social Network Analysis and Mining.

[10] Hennie A. Kruger,et al. A prototype for assessing information security awareness , 2006, Comput. Secur..

[11] Theodore Tryfonas,et al. Embedding security practices in contemporary information systems development approaches , 2001, Inf. Manag. Comput. Secur..