Advertisement

Multimedia Tools and Applications

, Volume 74, Issue 20, pp 8927–8937 | Cite as

A study on strengthening security awareness programs based on an RFID access control system for inside information leakage prevention

  • Kyong-Ho Choi
  • DongHwi LeeEmail author
Article

Abstract

Systematic security policies and plans of many organizations or enterprises can be degraded due to user’s inattention and unconcern. Therefore, it is very important to guide establishing security policies through the education for users. However, existing security awareness program has problems that is not reflect for different user’s security level and not evaluation of the security policy that is established and implemented, because it use educating for users in the form of a cluster education on uniform contents. Thus in this study, we proposed a strengthening security awareness program using an intensive training method for users based on detecting violations of the established security policy. For detecting violation of established security policy, we use a physical access control method by RFID that protects data from an information system accessed by unauthorized persons through physical ways for visual checking. The strengthening security awareness program proposed in this study increases security levels for the users who have low security awareness levels and can intercept potential leakage paths of important information through improving minimum security levels in organizations or enterprises.

Keywords

Security awareness RFID Access control Information security Security training 

Notes

Acknowledgments

This work was supported by a grant from Kyonggi university advanced Industrial Security Center of Korea Ministry of Knowledge Economy

References

  1. 1.
    Andress J (2011) The basics of information security. ElsevierGoogle Scholar
  2. 2.
    Broderick JS (2006) ISMS, security standards and security regulations. Inf Secur Tech Rep 11:26–31CrossRefGoogle Scholar
  3. 3.
    Choi KH, Kim JM, Lee D (2012) Network 2-Factor Access Control system based on RFID security control system. J Inf Secur 12(3):53–58Google Scholar
  4. 4.
    Colwill C (2009) Human factors in information security: the insider threat—who can you trust these days? Inf Secur Tech Rep 14(4):186–196CrossRefGoogle Scholar
  5. 5.
    Cone BD, Irvine CE, Thompson MF, Nguyen TD (2007) A video game for cyber security training and awareness. Comput Secur 26(1):63–72CrossRefGoogle Scholar
  6. 6.
    Drevin L, Kruger HA, Steyn T (2007) Value-focused assessment of ICT security awareness in an academic environment. Comput Secur 26(1):36–43CrossRefGoogle Scholar
  7. 7.
    Eminağaoğlu M, Uçar E, Eren Ş (2009) The positive outcomes of information security awareness training in companies—a case study. Inf Secur Tech Rep 14(4):223–229CrossRefGoogle Scholar
  8. 8.
    Goucher W (2011) Look behind you: the dangers of shoulder surfing. Comput Fraud Secur 2011(11):17–20CrossRefGoogle Scholar
  9. 9.
    Huang W, Mille A (2006) ConKMeL: a contextual knowledge management framework to support multimedia e-learning. Multimed Tools Appl 30:205–219CrossRefGoogle Scholar
  10. 10.
    Huber J, Ding Y (2013) Adapting web pages using graph partitioning algorithms for user-centric multi-device web browsing. Multimed Tools Appl 62:209–231CrossRefGoogle Scholar
  11. 11.
    Kapsalis V, Hadellis L, Karelis D, Koubias S (2006) A dynamic context-aware access control architecture for e-services. Comput Secur 25(7):507–521CrossRefGoogle Scholar
  12. 12.
    Kim JM, Choi KH, Lee D-H (2012) Network Group Access Control system using piggy-backing prevention technique based on infrared-ray. J Inf Secur 12(4)Google Scholar
  13. 13.
    Kim MS, Lee D-H (2012) A way of securing the access by using PCA. J Inf Secur 12(3):3–10Google Scholar
  14. 14.
    Lee D-H, Kim B, Kim KJ (2010) PCA in ERP environment using the misuse detection system design and implementation of RBAC permissions. Multimed Tools Appl. doi: 10.1007/s11042-010-0675-z Google Scholar
  15. 15.
    Long J, Pinzon S, Wiles J, Mitnick KD (2008) No tech hacking. SYNGRESSGoogle Scholar
  16. 16.
    Montoliu R, Blom J, Gatica-Perez D (2013) Discovering places of interest in everyday life from smartphone data. Multimed Tools Appl 62:179–207CrossRefGoogle Scholar
  17. 17.
    Preda S, Cuppens F, Cuppens-Boulahia N, Garcia-Alfaro J, Toutain L (2011) Dynamic deployment of context-aware access control policies for constrained security devices. J Syst Softw 84(7):1144–1159CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. 1.Center for IndustryKyonggi UniversitySuwon-SiSouth Korea
  2. 2.Department of Industrial SecurityKyonggi UniversitySuwon-SiSouth Korea

Personalised recommendations