Documente Academic
Documente Profesional
Documente Cultură
(MC 101312)
1
Research Questions
Introduction
Scope of Research
Problem Statement
Research Objectives
Project Aim
Widely use of computer and internet in organization Doesnt have an appropriate security framework
Research Question
Why user still lack of security awareness?
Why should applied security framework in organization? Why the default security framework should be enhance?
Problem Statement
1. There is no proper program or training model for security awareness base on the categories of user background in organization. 2. Because of there is no proper training program in the organization it can contribute to the lack of security awareness. It can expose the information to the attack or threats and data breach.
Project Aim
Investigate the level of security awareness of user in different level in FSKSM to purpose the appropriate security framework to the Investigate organization.
Adopting
Adopting the existing framework and enhancement of the framework to suite the environment of the organization and the target users.
Objectives
1. Identify the level of information security awareness in general public base on the level of user in Faculty of Computer Science and Information System (FSKSM) UTM campus. 2. To evaluate the behavior between the level of users base on their usage in Faculty of Computer Science and Information System (FSKSM) UTM campus. 3. To purpose an appropriate framework of information security awareness to different level of users in Faculty of Computer Science and Information System (FSKSM) UTM campus.
7
Scope of research
People
Users in FSKSM UTM Skudai Organization staff (Administration Staff, Technician etc) , Lecturer and Student (Undergraduate and Postgraduate)
Study Area
The research will be conducted in Faculty Science Computer and Information System UTM Skudai Campus.
Data
User Position in Organization, Users Background, ICT Usage (System, Internet and Computer). Security Policy and security framework.
Assessment Method
Information
Information Security
Literature Review
Factors of Attack and Threats
Type of Attacks and Threats Computer and IT users.
Factor Of Threats
HUMAN FACTOR
* Behavior * Lack of Awareness * Lack of Training * Lack of Motivation
ATTACK
ORGANIZATION FACTOR * No Security awareness and training program * Lack of security protection antivirus and security system * Non-update security policy
10
x x x x x
x x x
x x -
x x
x x x
x -
x x x -
11
Cont..
Human Security Factor Awareness Ethic/ Behavior Belief Motivation Security /Policy Work Development Population/ Involvement Environment Education Responsibili ty / Compliance
x x x -
x
x x x
x
x -
x
x
x x
x
12
PEOPLE
TECHNOLOGY
PROCESS
13
Security Framework
Education/ Training Policy Campaign in topic Practice Cost/ Budget
Author
IBM, 2008 DesPlanque s, 2005 VanCura, 2005 SETA M.T Siponen M.T Siponen (2000) X X X X X X X X X X X X X X X X X -
14
Cont
Education/ Training Policy Campaign in topic Practice Cost/ Budget
Author J.J Gonzalez, A.Sawicka (2002) S.Talib, N.L Clarke, S.M Furnell (2010) M.Al-Wadi, K.Renaud Knowledge Platform White Paper (2005)
X X
X X
X X
15
Research Methodology
Analyze Framework
Propose Framework
Preliminary Study
Research Framework
Analysis Findings
Survey Process
16
Research Framework
17
Cont
18
Initial Finding
From the pre case study, the result will determine the user perspective toward information security. The initial finding can conduct to generate the conceptual framework for the actual process of the project.
19
20
Internet Usage
A. Online system B. Teaching and learning C. Social network D. Search engine E. Downloading F. Streaming G. Others
21
General Knowledge
22
Security Training
Security Program
Participation
( A - YES if its for FREE , B - YES I sure will participate , C - Depends on time , D - NO Im not interested)
25
Hypothesis
Most of users have the basic knowledge of the information security but they lack of awareness attitude toward the security.
The lack of user awareness is because they are lack of security training that should be provided by the organization.
usage toward internet and computer is different base on their work background and environment.
26
Conceptual Framework
Distribute Questionaire
Data Collection
Knowledge - Education Background -Lack of Awareness -Lack of Exposure - Lack of Training Information Security Awareness Among User in FSKSM User Level - Position Level - Gender - Computer/IT usage
- The questionnaire should be valid, reliable, clear, succinct and interesting - Doing pilot test tp questionnaire for perfect questionnaire.
27
Data Analysis Conclusion Of Findings
Conclusion.
From the conceptual framework, the study will be continued on project 2 based on the features that gain from the project 1. Detailed study will be conducted based on information and hypotheses that have been gained from research literature review and case study that has been done. The data will be collect through the exact target user in FSKSM and will be done by the actual survey questionnaire.
28