slide presentation (project1)

8/3/2019 Slide Presentation (Project1)

1/28

1

AN ANALYSIS OF USER SECURITYAWARENESS LEVEL ON DIFFERENT LEVEL OF

USER IN (FSKSM) UTM, SKUDAI CAMPUS

Norsyaliza bt Abd Razak (MC 101312)


2/28

2

Introduction

ProblemBackground

ProblemStatement

ResearchObjectives

ResearchQuestions

Project Aim

Scope ofResearch

ResearchDesign


3/28

3

SecurityAwarenessProblems

Widely use ofcomputer and

internet inorganization

Differenttype/level of

users

Different ofcomputer and

internet usage

Attack toinformation andlosses of asset

Lack of security

awareness andtraining

Doesnt have an

appropriatesecurity

framework


4/28

Research Question

Why user still lack of security awareness?

Why should applied security framework in

organization?

Why the default security framework should beenhance?

4


5/28

Problem Statement

1. There is no proper program or training modelfor security awareness base on the categoriesof user background in organization.

2. Because of there is no proper trainingprogram in the organization it can contributeto the lack of security awareness. It canexpose the information to the attack orthreats and data breach.

5


6/28

Project Aim

6

Investigate

Investigate the level of security awareness ofuser in different level in FSKSM to purpose theappropriate security framework to theorganization.

Adopting

Adopting the existing framework andenhancement of the framework to suite theenvironment of the organization and the target

users.


7/28

Objectives

1. Identify the level of information security awareness in

general public base on the level of user in Faculty ofComputer Science and Information System (FSKSM)UTM campus.

2. To evaluate the behavior between the level of usersbase on their usage in Faculty of Computer Science andInformation System (FSKSM) UTM campus.

3. To purpose an appropriate framework of informationsecurity awareness to different level of users in Facultyof Computer Science and Information System (FSKSM)UTM campus.

7


8/28

Scope of research

8

People

Users in FSKSM UTM Skudai Organization staff (Administration Staff, Technician etc) , Lecturer and

Student (Undergraduate and Postgraduate)

Study Area

The research will be conducted in Faculty Science Computer andInformation System UTM Skudai Campus.

Data

User Position in Organization, Users Background, ICT Usage (System,Internet and Computer).

Security Policy and security framework.


9/28

9

LiteratureReview

Information Information

Security

Informationsecurity

Awareness

Important ofSecurity

Awareness

Computer and ITusers.

Type of Attacksand Threats

Factors ofAttack and

Threats

InformationSecurity

Framework

AssessmentMethod


10/28

Factor Of Threats

HUMAN FACTOR

* Behavior

* Lack of Awareness

* Lack of Training

* Lack of Motivation

ORGANIZATION FACTOR

* No Security awareness and trainingprogram

* Lack of security protection antivirus and

security system

* Non-update security policy

ATTACK

10


11/28

Human Factor in Security Threats

Human

Factor

Author

Security

Awareness

Ethic/

Behavior

Belief Motivation Security

/Policy

Development

Involvement

Work

Population/

Environment

Education Responsibi

lity /

Complianc

e

Stephanie. D

(2005)x - - x x - x -

M.E

Whitman

(2003)

x - - - - - - -

J.A Valentine

(2006)x x x - - - x -

S.

Woodhouse

(2007)

x x x - x x x -

M.T Siponen

(2000)x x - x x - - -

11


12/28

Cont..Human

Factor

Author

Security

Awareness

Ethic/

Behavior

Belief Motivation Security /Policy

Development

Involvement

Work

Population/

Environment

Education Responsibili

ty /

Compliance

J.J Gonzalez,

A.Sawicka

(2002)

- x - - x x - x

S.Talib, N.L

Clarke, S.M

Furnell

(2010)

x - - - x - - -

M.T Siponen

(2001)x x - - - x x -

M.Masrom,

Z.Ismail

(2008)

x x - - - x -

C. Colwill

(2010)- x x - - x - -

12


13/28

Component of Security Framework

PEOPLE

PROCESSTECHNOLOGY

13


14/28

Security Framework

Author

Education/

Training

Policy Campaign in topic Practice Cost/

Budget

IBM, 2008 X X - - X -

DesPlanque

s, 2005

X X - - X -

VanCura,

2005

X X X - - -

SETA X X - - - -

M.T

Siponen

X X X - -

M.T

Siponen

(2000)

X - X X - -

14


15/28

Cont

Author

Education/

Training

Policy Campaign in topic Practice Cost/

Budget

J.J Gonzalez,

A.Sawicka

(2002)

X - - - - -

S.Talib, N.L

Clarke, S.M

Furnell

(2010)

X X - - X -

M.Al-Wadi,

K.Renaud

X X - - - X

Knowledge

Platform

White Paper

(2005)

X X - - X X

15


16/28

Research Methodology

16

ResearchFramework

AnalyzeFramework

Preliminary

Study

SurveyProcess

AnalysisFindings

Propose

Framework


17/28

Research Framework

17


18/28

Cont

18


19/28

Preliminary Case Study

The preliminary case study has been done to agroup of users. Fifty questionnaires had beendistributed and 28 respondents have feedback theresult.

19

Initial Finding From the pre case study, the result will determine

the user perspective toward information security.

The initial finding can conduct to generate theconceptual framework for the actual process ofthe project.


20/28

Respondent Position Level

20

a. Lecturer/Teacher b. Executive c. Non-Executive d. Technical e. Non-Technical

f. Undergraduate Student g. Postgraduate student


21/28

Internet Usage

A. Online system B. Teaching and learning C. Social network

D. Search engine E. Downloading F. Streaming G. Others

21


22/28

General Knowledge

22


23/28

Security Training

23

( A Yes , B No , C Not Sure )


24/28

Security Program

24

( A Yes , B No , C Not Sure )


25/28

Participation

25

( A - YES if its for FREE , B - YES I sure will participate ,

C - Depends on time , D - NO Im not interested)


26/28

Hypothesis

26

usage toward internet and computer is differentbase on their work background and environment.

Most of users have the basic knowledge of theinformation security but they lack of awareness

attitude toward the security.

The lack of user awareness is because they are lack ofsecurity training that should be provided by the

organization.


27/28

Conceptual Framework

27

Information

Security

Awareness Among

User in FSKSM

Organization/Institute

- Un-Update Policy

- Awareness Program/ Training

- Cost of Pro ramme

Attitude

- Personal Attribute

- Belief

- Perception

- Culture/Custom

Knowledge

- Education Background

-Lack of Awareness

-Lack of Exposure

- Lack of Training

User Level

- Position Level

- Gender

- Computer/IT usage

Distribute Questionaire Management Staffs, Lecturer and Student

Data Collection

- The questionnaire should be valid, reliable, clear, succinct and interesting

- Doin ilot test t uestionnaire for erfect uestionnaire.

Data AnalysisConclusion Of Findings


28/28

Conclusion.

From the conceptual framework, the study willbe continued on project 2 based on thefeatures that gain from the project 1.

Detailed study will be conducted based on

information and hypotheses that have beengained from research literature review andcase study that has been done.

The data will be collect through the exact

target user in FSKSM and will be done by theactual survey questionnaire.

28

slide presentation (project1)

Documents