Information Security Awareness
Ruey-shiang Shaw (蕭瑞祥)
General Secretary, CSIM
Chairman, IM, Tamkang University
2006.09.29
Elicitation of Research Topics
Information Security Awareness
National Information Security Project
ING Information Security Project
Information Security Platform
Information Technology, Learning, and Performance Journal
Problems
• Why does ING need the information security platform?
• What are the differences between e-learning and the information security platform?
Systems Development in Information Systems Research
Jay F. Nunamaker, Jr., Minder Chen, and Titus D. M. Purdin, Journal of Management Information Systems, Winter 1990-91, Vol. 7, No. 3, pp. 89-106.
The Integrated Framework of Information Security Awareness
Information Security Awareness Platform
Evaluation of Organizational Information Security Awareness
Materials and Methods for Information Security Awareness
Situation Awareness
Figure: Endsley's model of situation awareness (diagram; labels recovered from the slide). Situation awareness is built in three levels: Level 1, perception of elements; Level 2, comprehension of the current situation; Level 3, projection of future status. It feeds decision-making and the performance of actions, within the environmental state.
Task or system factors: system capability, interface design, stress and workload, complexity, automation.
Individual factors: goals and expectations; abilities, experience, training; information processing mechanisms (long-term memory, automaticity).
Endsley, M.R. and Garland, D.J. (Eds.) (2000). Situation Awareness Analysis and Measurement. Mahwah, NJ: Lawrence Erlbaum Associates.
Research Design
What is your opinion?
The Evaluation Form of Information Security Awareness
PART I: Laws and Regulations
1.1 Laws and Regulations
1.1.1 I understand the meaning of ‘the basic policy structure for IT security in the Federal government’ in the concept of ‘Laws and Regulations.’
1.2 Policies and Procedures
1.2.1 I understand the meaning of ‘IT security safeguards are intended to achieve specific control objectives’ in the concept of ‘Policies and Procedures.’
1.2.2 I understand the meaning of ‘procedures define the technical and procedural safeguards that have been implemented to enforce the specified policies’ in the concept of ‘Policies and Procedures.’
NIST SP800-16
ABCs of Information Technology Security
A Assets – Something of value requiring protection (hardware, software, data, reputation)
B Backup – The three most important safeguards: backup, backup, backup
C Countermeasures and Controls – Prevent, detect, and recover from security incidents
D DAA and Other Officials – Manage and accept risk and authorize the system to operate
E Ethics – The body of rules that governs an individual’s behavior
F Firewalls and Separation of Duties – Minimize the potential for “incident encroachment”
G Goals – Confidentiality, Integrity, and Availability (CIA)
Research Design
What is your opinion?
Conclusion
• Research topics elicited from projects.
• Extended to an integrated framework.
• Referred to other research fields.
• Be skillful at research methodologies.