Evaluation of IT System Security Training Success

With all the effort put into IT system security, the question remains of what the level of such security is and how sure we are that our IT system is secure. The paper starts from the assumption that users are one of the most important components of IT system security, and that an aware and trained user takes much more care about security in his daily activities. Such a system will have fewer security incidents, which should reduce the possibility of infiltration by malevolent users or programs. Training is one of the mechanisms for affecting user behavior. The management of user training in the area of security is a demanding process. To implement it efficiently, we need information on training success evaluation. The paper proposes a training success evaluation model using fuzzy logic.
