Using Bloom’s Taxonomy for Information Security Education

  • Johan Van Niekerk
  • Rossouw von Solms
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 406)


The importance of educating organizational end users about their roles and responsibilities towards information security is widely acknowledged. However, many current user education programs have been created by security professionals who do not necessarily have an educational background. This paper show how the use of learning taxonomies, specifically Bloom’s taxonomy, can improve such educational programs. It is the authors belief that proper use of this taxonomy will assist in ensuring the level of education is correct for the intended target audience.


Learning Objective Information Security Cognitive Domain Knowledge Dimension Information Security Management 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Van Niekerk, J., Von Solms, R.: An holistic framework for the fostering of an information security sub-culture in organizations. Information Security South Africa (ISSA), Johannesburg, South Africa (2005)Google Scholar
  2. 2.
    Puhakainen, P.: A design theory for information security awareness. PhD thesis, Acta Universitatis Ouluensis A 463, The University of Oulu (2006)Google Scholar
  3. 3.
    Siponen, M.: A conceptual foundation for organizational information security awareness. Information Management & Computer Security 8(1), 31–41 (2000)CrossRefGoogle Scholar
  4. 4.
    Anderson, L., Krathwohl, D., Airasian, P., Cruikshank, K., Mayer, R., Pintrich, P., Raths, J., Wittrock, M.: A Taxonomy for Learning, Teaching, and Assessing: A Revision of Bloom’s Taxonomy of Educational Objectives, Complete edn. Longman (2001)Google Scholar
  5. 5.
    Creswell, J.W.: Qualitative Inquiry and Research Design: Choosing among Five Traditions. Sage, Thousand Oaks (1998)Google Scholar
  6. 6.
    Van Niekerk, J., Von Solms, R.: Bloom’s taxonomy for information security education. Information Security South Africa (ISSA), Johannesburg, South Africa (2008)Google Scholar
  7. 7.
    Sousa, D.A.: How the brain learns, 3rd edn. Corwin Press (2006)Google Scholar
  8. 8.
    Fuller, U., Johnson, C.G., Ahoniemi, T., Cukierman, D., Hernán-Losada, I., Jackova, J., Lahtinen, E., Lewis, T.L., Thompson, D.M., Riedesel, C., Thompson, E.: Developing a computer science-specific learning taxonomy. SIGCSE Bull 39(4), 152–170 (2007)CrossRefGoogle Scholar
  9. 9.
    Roper, C., Grau, J., Fischer, L.: Security Education, Awareness and Training: From Theory to Practice. Elsevier Butterworth Heinemann (2005)Google Scholar
  10. 10.
    Van Niekerk, J., Von Solms, R.: Corporate information security education: Is outcomes based education the solution? In: 10th IFIP WG11.1 Annual Working Conference on Information Security Management, World Computer Congress (WCC), Toulouse, France (2004)Google Scholar
  11. 11.
    National Institute of Standards and Technology: NIST 800-16: Information Technology Security Training Requirements: A Role- and Performance-Based Model. NIST Special Publication 800-16, National Institute of Standards and Technology (1998)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Johan Van Niekerk
    • 1
  • Rossouw von Solms
    • 1
  1. 1.Institute for ICT AdvancementNelson Mandela Metropolitan UniversitySouth Africa

Personalised recommendations