Scribd Logo
Upload

Welcome to Scribd!

  • Slide Presentation (Project1)

    Uploaded by

    Syaliza Razak
    12 views28 pages

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views28 pages

    Slide Presentation (Project1)

    Uploaded by

    Syaliza Razak

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 28

    AN ANALYSIS OF USER SECURITY AWARENESS LEVEL ON DIFFERENT LEVEL OF USER IN (FSKSM) UTM, SKUDAI CAMPUS Norsyaliza bt Abd Razak

    (MC 101312)
    1

    Problem Background Research Design

    Research Questions

    Introduction
    Scope of Research

    Problem Statement

    Research Objectives

    Project Aim

    Widely use of computer and internet in organization Doesnt have an appropriate security framework

    Different type/level of users

    Security Awareness Problems


    Different of computer and internet usage Attack to information and losses of asset

    Lack of security awareness and training

    Research Question
    Why user still lack of security awareness?
    Why should applied security framework in organization? Why the default security framework should be enhance?

    Problem Statement
    1. There is no proper program or training model for security awareness base on the categories of user background in organization. 2. Because of there is no proper training program in the organization it can contribute to the lack of security awareness. It can expose the information to the attack or threats and data breach.

    Project Aim
    Investigate the level of security awareness of user in different level in FSKSM to purpose the appropriate security framework to the Investigate organization.

    Adopting

    Adopting the existing framework and enhancement of the framework to suite the environment of the organization and the target users.

    Objectives
    1. Identify the level of information security awareness in general public base on the level of user in Faculty of Computer Science and Information System (FSKSM) UTM campus. 2. To evaluate the behavior between the level of users base on their usage in Faculty of Computer Science and Information System (FSKSM) UTM campus. 3. To purpose an appropriate framework of information security awareness to different level of users in Faculty of Computer Science and Information System (FSKSM) UTM campus.
    7

    Scope of research
    People
    Users in FSKSM UTM Skudai Organization staff (Administration Staff, Technician etc) , Lecturer and Student (Undergraduate and Postgraduate)

    Study Area
    The research will be conducted in Faculty Science Computer and Information System UTM Skudai Campus.

    Data
    User Position in Organization, Users Background, ICT Usage (System, Internet and Computer). Security Policy and security framework.

    Assessment Method

    Information

    Information Security

    Information Security Framework

    Information security Awareness

    Literature Review
    Factors of Attack and Threats
    Type of Attacks and Threats Computer and IT users.

    Important of Security Awareness

    Factor Of Threats
    HUMAN FACTOR
    * Behavior * Lack of Awareness * Lack of Training * Lack of Motivation

    ATTACK
    ORGANIZATION FACTOR * No Security awareness and training program * Lack of security protection antivirus and security system * Non-update security policy
    10

    Human Factor in Security Threats


    Security Human Awareness Factor Author Stephanie. D (2005) M.E Whitman (2003) J.A Valentine (2006) S. Woodhouse (2007) M.T Siponen (2000) Ethic/ Behavior Belief Motivation Security /Policy Development Involvement Work Population/ Environment Education Responsibi lity / Complianc e

    x x x x x

    x x x

    x x -

    x x

    x x x

    x -

    x x x -

    11

    Cont..
    Human Security Factor Awareness Ethic/ Behavior Belief Motivation Security /Policy Work Development Population/ Involvement Environment Education Responsibili ty / Compliance

    Author J.J Gonzalez, A.Sawicka (2002)


    S.Talib, N.L Clarke, S.M Furnell (2010) M.T Siponen (2001) M.Masrom, Z.Ismail (2008) C. Colwill (2010)

    x x x -

    x
    x x x

    x
    x -

    x
    x

    x x

    x
    12

    Component of Security Framework

    PEOPLE

    TECHNOLOGY

    PROCESS

    13

    Security Framework
    Education/ Training Policy Campaign in topic Practice Cost/ Budget

    Author
    IBM, 2008 DesPlanque s, 2005 VanCura, 2005 SETA M.T Siponen M.T Siponen (2000) X X X X X X X X X X X X X X X X X -

    14

    Cont
    Education/ Training Policy Campaign in topic Practice Cost/ Budget

    Author J.J Gonzalez, A.Sawicka (2002) S.Talib, N.L Clarke, S.M Furnell (2010) M.Al-Wadi, K.Renaud Knowledge Platform White Paper (2005)

    X X

    X X

    X X

    15

    Research Methodology
    Analyze Framework

    Propose Framework

    Preliminary Study

    Research Framework

    Analysis Findings

    Survey Process

    16

    Research Framework

    17

    Cont

    18

    Preliminary Case Study


    The preliminary case study has been done to a group of users. Fifty questionnaires had been distributed and 28 respondents have feedback the result.

    Initial Finding
    From the pre case study, the result will determine the user perspective toward information security. The initial finding can conduct to generate the conceptual framework for the actual process of the project.
    19

    Respondent Position Level

    a. Lecturer/Teacher b. Executive c. Non-Executive d. Technical e. Non-Technical f. Undergraduate Student g. Postgraduate student

    20

    Internet Usage

    A. Online system B. Teaching and learning C. Social network D. Search engine E. Downloading F. Streaming G. Others
    21

    General Knowledge

    22

    Security Training

    ( A Yes , B No , C Not Sure )


    23

    Security Program

    ( A Yes , B No , C Not Sure )


    24

    Participation

    ( A - YES if its for FREE , B - YES I sure will participate , C - Depends on time , D - NO Im not interested)
    25

    Hypothesis
    Most of users have the basic knowledge of the information security but they lack of awareness attitude toward the security.
    The lack of user awareness is because they are lack of security training that should be provided by the organization.

    usage toward internet and computer is different base on their work background and environment.
    26

    Conceptual Framework
    Distribute Questionaire

    Management Staffs, Lecturer and Student

    Data Collection

    Organization/Institute - Un-Update Policy - Awareness Program/ Training - Cost of Programme

    Knowledge - Education Background -Lack of Awareness -Lack of Exposure - Lack of Training Information Security Awareness Among User in FSKSM User Level - Position Level - Gender - Computer/IT usage

    Attitude - Personal Attribute - Belief - Perception - Culture/Custom

    - The questionnaire should be valid, reliable, clear, succinct and interesting - Doing pilot test tp questionnaire for perfect questionnaire.

    27
    Data Analysis Conclusion Of Findings

    Conclusion.
    From the conceptual framework, the study will be continued on project 2 based on the features that gain from the project 1. Detailed study will be conducted based on information and hypotheses that have been gained from research literature review and case study that has been done. The data will be collect through the exact target user in FSKSM and will be done by the actual survey questionnaire.

    28

    You might also like