Date post: | 06-Apr-2018 |
Category: |
Documents |
Upload: | syaliza-razak |
View: | 218 times |
Download: | 0 times |
of 28
8/3/2019 Slide Presentation (Project1)
1/28
1
AN ANALYSIS OF USER SECURITYAWARENESS LEVEL ON DIFFERENT LEVEL OF
USER IN (FSKSM) UTM, SKUDAI CAMPUS
Norsyaliza bt Abd Razak (MC 101312)
8/3/2019 Slide Presentation (Project1)
2/28
2
Introduction
ProblemBackground
ProblemStatement
ResearchObjectives
ResearchQuestions
Project Aim
Scope ofResearch
ResearchDesign
8/3/2019 Slide Presentation (Project1)
3/28
3
SecurityAwarenessProblems
Widely use ofcomputer and
internet inorganization
Differenttype/level of
users
Different ofcomputer and
internet usage
Attack toinformation andlosses of asset
Lack of security
awareness andtraining
Doesnt have an
appropriatesecurity
framework
8/3/2019 Slide Presentation (Project1)
4/28
Research Question
Why user still lack of security awareness?
Why should applied security framework in
organization?
Why the default security framework should beenhance?
4
8/3/2019 Slide Presentation (Project1)
5/28
Problem Statement
1. There is no proper program or training modelfor security awareness base on the categoriesof user background in organization.
2. Because of there is no proper trainingprogram in the organization it can contributeto the lack of security awareness. It canexpose the information to the attack orthreats and data breach.
5
8/3/2019 Slide Presentation (Project1)
6/28
Project Aim
6
Investigate
Investigate the level of security awareness ofuser in different level in FSKSM to purpose theappropriate security framework to theorganization.
Adopting
Adopting the existing framework andenhancement of the framework to suite theenvironment of the organization and the target
users.
8/3/2019 Slide Presentation (Project1)
7/28
Objectives
1. Identify the level of information security awareness in
general public base on the level of user in Faculty ofComputer Science and Information System (FSKSM)UTM campus.
2. To evaluate the behavior between the level of usersbase on their usage in Faculty of Computer Science andInformation System (FSKSM) UTM campus.
3. To purpose an appropriate framework of informationsecurity awareness to different level of users in Facultyof Computer Science and Information System (FSKSM)UTM campus.
7
8/3/2019 Slide Presentation (Project1)
8/28
Scope of research
8
People
Users in FSKSM UTM Skudai Organization staff (Administration Staff, Technician etc) , Lecturer and
Student (Undergraduate and Postgraduate)
Study Area
The research will be conducted in Faculty Science Computer andInformation System UTM Skudai Campus.
Data
User Position in Organization, Users Background, ICT Usage (System,Internet and Computer).
Security Policy and security framework.
8/3/2019 Slide Presentation (Project1)
9/28
9
LiteratureReview
Information Information
Security
Informationsecurity
Awareness
Important ofSecurity
Awareness
Computer and ITusers.
Type of Attacksand Threats
Factors ofAttack and
Threats
InformationSecurity
Framework
AssessmentMethod
8/3/2019 Slide Presentation (Project1)
10/28
Factor Of Threats
HUMAN FACTOR
* Behavior
* Lack of Awareness
* Lack of Training
* Lack of Motivation
ORGANIZATION FACTOR
* No Security awareness and trainingprogram
* Lack of security protection antivirus and
security system
* Non-update security policy
ATTACK
10
8/3/2019 Slide Presentation (Project1)
11/28
Human Factor in Security Threats
Human
Factor
Author
Security
Awareness
Ethic/
Behavior
Belief Motivation Security
/Policy
Development
Involvement
Work
Population/
Environment
Education Responsibi
lity /
Complianc
e
Stephanie. D
(2005)x - - x x - x -
M.E
Whitman
(2003)
x - - - - - - -
J.A Valentine
(2006)x x x - - - x -
S.
Woodhouse
(2007)
x x x - x x x -
M.T Siponen
(2000)x x - x x - - -
11
8/3/2019 Slide Presentation (Project1)
12/28
Cont..Human
Factor
Author
Security
Awareness
Ethic/
Behavior
Belief Motivation Security /Policy
Development
Involvement
Work
Population/
Environment
Education Responsibili
ty /
Compliance
J.J Gonzalez,
A.Sawicka
(2002)
- x - - x x - x
S.Talib, N.L
Clarke, S.M
Furnell
(2010)
x - - - x - - -
M.T Siponen
(2001)x x - - - x x -
M.Masrom,
Z.Ismail
(2008)
x x - - - x -
C. Colwill
(2010)- x x - - x - -
12
8/3/2019 Slide Presentation (Project1)
13/28
Component of Security Framework
PEOPLE
PROCESSTECHNOLOGY
13
8/3/2019 Slide Presentation (Project1)
14/28
Security Framework
Author
Education/
Training
Policy Campaign in topic Practice Cost/
Budget
IBM, 2008 X X - - X -
DesPlanque
s, 2005
X X - - X -
VanCura,
2005
X X X - - -
SETA X X - - - -
M.T
Siponen
X X X - -
M.T
Siponen
(2000)
X - X X - -
14
8/3/2019 Slide Presentation (Project1)
15/28
Cont
Author
Education/
Training
Policy Campaign in topic Practice Cost/
Budget
J.J Gonzalez,
A.Sawicka
(2002)
X - - - - -
S.Talib, N.L
Clarke, S.M
Furnell
(2010)
X X - - X -
M.Al-Wadi,
K.Renaud
X X - - - X
Knowledge
Platform
White Paper
(2005)
X X - - X X
15
8/3/2019 Slide Presentation (Project1)
16/28
Research Methodology
16
ResearchFramework
AnalyzeFramework
Preliminary
Study
SurveyProcess
AnalysisFindings
Propose
Framework
8/3/2019 Slide Presentation (Project1)
17/28
Research Framework
17
8/3/2019 Slide Presentation (Project1)
18/28
Cont
18
8/3/2019 Slide Presentation (Project1)
19/28
Preliminary Case Study
The preliminary case study has been done to agroup of users. Fifty questionnaires had beendistributed and 28 respondents have feedback theresult.
19
Initial Finding From the pre case study, the result will determine
the user perspective toward information security.
The initial finding can conduct to generate theconceptual framework for the actual process ofthe project.
8/3/2019 Slide Presentation (Project1)
20/28
Respondent Position Level
20
a. Lecturer/Teacher b. Executive c. Non-Executive d. Technical e. Non-Technical
f. Undergraduate Student g. Postgraduate student
8/3/2019 Slide Presentation (Project1)
21/28
Internet Usage
A. Online system B. Teaching and learning C. Social network
D. Search engine E. Downloading F. Streaming G. Others
21
8/3/2019 Slide Presentation (Project1)
22/28
General Knowledge
22
8/3/2019 Slide Presentation (Project1)
23/28
Security Training
23
( A Yes , B No , C Not Sure )
8/3/2019 Slide Presentation (Project1)
24/28
Security Program
24
( A Yes , B No , C Not Sure )
8/3/2019 Slide Presentation (Project1)
25/28
Participation
25
( A - YES if its for FREE , B - YES I sure will participate ,
C - Depends on time , D - NO Im not interested)
8/3/2019 Slide Presentation (Project1)
26/28
Hypothesis
26
usage toward internet and computer is differentbase on their work background and environment.
Most of users have the basic knowledge of theinformation security but they lack of awareness
attitude toward the security.
The lack of user awareness is because they are lack ofsecurity training that should be provided by the
organization.
8/3/2019 Slide Presentation (Project1)
27/28
Conceptual Framework
27
Information
Security
Awareness Among
User in FSKSM
Organization/Institute
- Un-Update Policy
- Awareness Program/ Training
- Cost of Pro ramme
Attitude
- Personal Attribute
- Belief
- Perception
- Culture/Custom
Knowledge
- Education Background
-Lack of Awareness
-Lack of Exposure
- Lack of Training
User Level
- Position Level
- Gender
- Computer/IT usage
Distribute Questionaire Management Staffs, Lecturer and Student
Data Collection
- The questionnaire should be valid, reliable, clear, succinct and interesting
- Doin ilot test t uestionnaire for erfect uestionnaire.
Data AnalysisConclusion Of Findings
8/3/2019 Slide Presentation (Project1)
28/28
Conclusion.
From the conceptual framework, the study willbe continued on project 2 based on thefeatures that gain from the project 1.
Detailed study will be conducted based on
information and hypotheses that have beengained from research literature review andcase study that has been done.
The data will be collect through the exact
target user in FSKSM and will be done by theactual survey questionnaire.
28