ABSTRACT
Once an information security program is put in place in an organization, the program needs to be managed and formal training needs to take place in order to get everyone to comply with the policies resulting from the program. Most of the training and education is conducted on these policies, but there is also a need to train users on some general good security practices, password management practices, access control management, and violation reporting that may not be part of the policies laid out by the information security program. This paper will focus on this aspect of the information security program training.
Index Terms
- Training general users on the non-policy side of the IS program