a cyber- security portal for southern africa dr. johan van niekerk & prof. rossouw von solms
TRANSCRIPT
A Cyber-Security Portal for Southern
Africa
Dr. Johan van Niekerk
&
Prof. Rossouw von Solms
Agenda
BackgroundWhy a Portal?Overview
• Information security governance toolbox• E-learning portal• Awareness Game• E-learning for children• Resource Portal
Future work
Background
The Internet • Brought many advantages• Used both at home and in organizations• Not only used by the rich or educated
Internet Usage in South Africa• 8.6% of entire population (World Bank, 2010)
• 83% of low-income urban black youths (Kreutzer, 2009)
• All sectors of the population- Young/old, poor/rich, educated/uneducated, rural/urban
• Many platforms- PC, Mobile phones, Mxit, etc
Background
Internet also brought many RISKSOrganizations address these risks through “Information
Security”• Typically controls are selected from a standard like
ISO/IEC 27002• Three categories of controls
- Physical- Technical- Operation
• Physical & Technical Controls depend on Operational controls
• Thus all controls depend on humans
Background
Organizations• Information Security Awareness, Training & Education• Smaller organizations might lack resources
Home Users• Currently no Cyber Security Education
Society as a whole needs to develop a Cyber Security culture• Children are usually taught about physical security or
financial security by their parents• Current parents are possibly even less equipped than their
children to be secure online• Last year alone 4400 cases of identity theft were reported to
the SAFPS (More than R200 million in fraud)
Why a Portal?
There is a need for Cyber-Security education for all Southern Africans
A “one size fits all” approach won’t work for everyone
A Cyber Security Portal
We are developing a Cyber Security Portal (Institute for ICT Advancement at the Nelson Mandela Metropolitan University)
This portal consists of several sub-projects• A web-based information security governance toolbox• A pedagogically sound e-learning portal for basic
information security education• A web-based game to raise awareness about information
security in organizations• An e-learning portal catering for the specific needs of
children and teenagers• An information security resource portal
Information security governance toolbox
Information security governance • Expensive• Requires staff • & other resources
An information security policy requires• Expertise to create• Compliance
Smaller organizations may lack resources and/or knowledge
Information security governance toolbox
We’re creating a Web-based Toolset• Automatic policy generation• Compliance measurement• Digital “dashboard”• Low Cost
Based on a framework & existing desktop toolset developed over several years• Redevelopment of PC Based “consulting tool” to “self
service” web based tool
A pedagogically sound e-learning portal
Current information security education lacks pedagogical basis (Puhakainen, 2006)
No current program targets home users• Social networking• Internet banking• Etc
Moodle 2.0 Portal• Free access to basic education• Brain compatible learning principles• Activities planned according to learning taxonomies
A web-based awareness game
Information Security often not seen as a core business component
Employees lack motivation to learn about securityAddress motivational issues by making security awareness
“fun”Game design based on sound educational gaming research
• Employees compete in virtual “race” over 2 weeks• Daily clues• Use of Google Maps and other tools to simulate race• Leaderships boards & Daily + Weekly prizes
Framework to be tested towards end of 2011• Can be customized for other organizations
E-learning portal for children
Children have specific Cyber Security needs• Social Networking• Mxit, etc
Parents lack knowledgePortal will provide
• Games• Age relevant Cyber Security material
For Parents• Information brochures• Parental control tools
Information security resource portal
Research papers Information Security Standards Informational brochuresContact information for research collaborationLinks to “other” cyber security research projects
Aims of the portal
The aim of this portal is to be a single point of access for all free, or low-cost, cyber & information security related resources in
Southern Africa
Questions / Comments
?