Corporate Information Security Education

Niekerk, Johan Van; Solms, Rossouw von

doi:10.1007/1-4020-8145-6_1

Cited by 7 publications

(7 citation statements)

References 8 publications

(9 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Organizations need to encourage knowledge transfer among employees and provide for proper training. As Niekerk and Solms [2004] noted, "Employees must know why information security is important and why a specific policy or control is in place." They go on to break information security education into three areas: awareness, training, and education.…”

Section: Security Educationmentioning

confidence: 99%

Web Engineering Security (WES) Methodology

Glisson¹,

Welland²

2014

CAIS

View full text Add to dashboard Cite

The impact of the World Wide Web on basic operational economical components in global information-rich civilizations is significant. The repercussions force organizations to provide justification for security from a businesscase perspective and to focus on security from a Web application development environment standpoint. The need for clarity promoted an investigation through the acquisition of empirical evidence from a high level Web survey and a more detailed industry survey to analyze security in the Web application development environment ultimately contributing to the proposal of the Essential Elements (EE) and the Security Criteria for Web Application Development (SCWAD). The synthesis of information provided was used to develop the Web Engineering Security (WES) methodology. WES is a proactive, flexible, process neutral security methodology with customizable components that is based on empirical evidence and used to explicitly integrate security throughout an organization's chosen application development process.

show abstract

Section: Security Educationmentioning

confidence: 99%

Web Engineering Security (WES) Methodology

Glisson¹,

Welland²

2014

CAIS

View full text Add to dashboard Cite

show abstract

“…Organisational learning theories deal with the idea of how organizations learn and adapting its behaviour [3]. This concept has been subjected to a wide and growing variety of researchers and a number of definitions have been suggested in the literature [11], [12].…”

Section: Background and Related Workmentioning

confidence: 99%

“…Traditionally the mitigation of information security risks was addressed using a variety of technical controls. It is however widely accepted and recognised that technology on its own cannot deliver complete solutions to the security problem and that the human aspect of security should receive more attention [1], [2], [3]. One way of addressing the human side of security is to focus on awareness and educational activities [4] making use of some form of an awareness program.…”

Section: Introductionmentioning

confidence: 99%

“…Albrechtsen [10] contend that these type of incidents and experiments present great opportunities to learn and improve information security. To ensure that learning does take place Van Niekerk and Von Solms [3] suggested that an organisational learning model be used.…”

Section: Introductionmentioning

confidence: 99%

“…Due to the focus on long term goals and the more complex nature of double-loop learning, most companies focus only on single-loop learning [16]. According to Van Niekerk and Von Solms [3] this is also true in the information security discipline. They pointed out that generative, or double-loop learning, emphasizes continuous experimentation and feedback.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Phishing and Organisational Learning

Kearney

Kruger

2013

Security and Privacy Protection in Information Processing Systems

View full text Add to dashboard Cite

The importance of addressing the human aspect in information security has grown over the past few years. One of the most frequent techniques used to obtain private or confidential information from humans is phishing. One way to combat these phishing scams is to have proper security awareness programs in place. In order to enhance the awareness and educational value of information security awareness programs, it is suggested that an organisational learning model, characterised by so called single-loop and double-loop learning, be considered. This paper describes a practical phishing experiment that was conducted at a large organisation and shows how a learning process was initiated and how security incidents such as phishing can be used successfully for both single and double-loop learning.

show abstract

Evaluating the Cisco Networking Academy Program’s Instructional Model against Bloom’s Taxonomy for the Purpose of Information Security Education for Organizational End-Users

Niekerk

Thomson

2010

Key Competencies in the Knowledge Society

View full text Add to dashboard Cite

Organizational end-user information security end-user education is becoming increasingly more important in the current information society. Without the active cooperation of knowledgeable employees, organizations cannot effectively protect their valuable information resources. Most current information security educational programs lack a theoretical basis. This paper briefly examines the use of Bloom's learning taxonomy to help address this lack of theoretical basis. The paper further investigates the applicability of the Cisco Networking Academy Program's (CNAP) instructional model for the delivery of end-user information security instructional content, planned with the assistance of Bloom's taxonomy.

show abstract

Corporate Information Security Education

Cited by 7 publications

References 8 publications

Web Engineering Security (WES) Methodology

Web Engineering Security (WES) Methodology

Phishing and Organisational Learning

Evaluating the Cisco Networking Academy Program’s Instructional Model against Bloom’s Taxonomy for the Purpose of Information Security Education for Organizational End-Users

Contact Info

Product

Resources

About