DSAPE – Dynamic Security Awareness Program Evaluation

  • Charalampos Manifavas
  • Konstantinos Fysarakis
  • Konstantinos Rantos
  • George Hatzivasilis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)

Abstract

This paper addresses the importance of continuously evaluating an organization’s awareness program and provides guidelines that will help organizations assess their efforts, extending the authors’ work in [1]. The proposed methodology evaluates an awareness program considering the most common and essential methods used for delivering awareness material. Key awareness-related processes and accompanying quantitative metrics are identified, along with a methodology for dynamically evaluating both the individual metrics and the awareness program as a whole. A software tool is developed to facilitate the deployment and maintenance of the assessment methods and to formalize their aggregation and evaluation. An organization’s security awareness posture is modelled as a dynamic system, and the awareness level is calculated and monitored through time via Event Calculus. Furthermore, the tool can be deployed in a multi-agent form to enable its use by organizations operating through remote offices and distributed locations.
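To make the phrase "modelled as a dynamic system ... monitored through time via Event Calculus" concrete, the following is an added illustration (not the paper's own code, which is not reproduced on this page): a minimal Discrete Event Calculus in Python, in the style of Mueller [11], that tracks per-user fluents such as "trained" and "phish_susceptible", derives an organization-wide awareness level from them by inertia over time, and flags the ticks at which that level falls below a target. The event kinds, fluents, users, the aggregation formula and the 0.75 threshold are all constructed assumptions; the DSAPE metrics, rules and the JESS/JADE implementation are not on this page and are not reconstructed here.

```python
"""
Minimal Discrete Event Calculus (DEC) for monitoring a security-awareness level
over time. Constructed illustration, not the DSAPE model: event kinds, fluents,
users and the aggregation below are assumptions made for this example.

DEC axioms implemented (integer time):
  Happens(e,t) & Initiates(e,f,t)  -> HoldsAt(f, t+1)
  Happens(e,t) & Terminates(e,f,t) -> not HoldsAt(f, t+1)
  HoldsAt(f,t) & no terminating event at t -> HoldsAt(f, t+1)   (inertia)
"""
from dataclasses import dataclass
from typing import Iterable

Fluent = tuple[str, str]          # (fluent name, user), e.g. ("trained", "alice")


@dataclass(frozen=True)
class Event:
    kind: str                     # constructed event kinds, see initiates()/terminates()
    user: str
    time: int                     # Happens(e, time)


def initiates(e: Event) -> set[Fluent]:
    """Initiates(e, f, t): fluents that start to hold at t+1."""
    return {
        "complete_training": {("trained", e.user)},
        "fail_phish_test":   {("phish_susceptible", e.user)},
    }.get(e.kind, set())


def terminates(e: Event) -> set[Fluent]:
    """Terminates(e, f, t): fluents that stop holding at t+1."""
    return {
        "training_expired":  {("trained", e.user)},
        "pass_phish_test":   {("phish_susceptible", e.user)},
    }.get(e.kind, set())


def state_at(t: int, narrative: Iterable[Event],
             initially: Iterable[Fluent] = ()) -> set[Fluent]:
    """All fluents f with HoldsAt(f, t), computed forward from time 0 by inertia."""
    by_time: dict[int, list[Event]] = {}
    for e in narrative:
        by_time.setdefault(e.time, []).append(e)
    state = set(initially)
    for tick in range(t):                 # events at `tick` shape the state at tick+1
        events = by_time.get(tick, [])
        for e in events:
            state -= terminates(e)
        for e in events:
            state |= initiates(e)
    return state


def awareness_level(t: int, users: list[str], narrative: list[Event]) -> float:
    """Constructed metric: share of users who are trained and not phish-susceptible at t."""
    state = state_at(t, narrative)
    aware = [u for u in users
             if ("trained", u) in state and ("phish_susceptible", u) not in state]
    return len(aware) / len(users)


def below_target(users: list[str], narrative: list[Event],
                 horizon: int, target: float) -> list[int]:
    """Ticks in [0, horizon] at which the monitored level is below `target`."""
    return [t for t in range(horizon + 1)
            if awareness_level(t, users, narrative) < target]


# Constructed narrative for a three-person team (assumed data, not from the paper).
USERS = ["alice", "bob", "carol"]
NARRATIVE = [
    Event("complete_training", "alice", 0),
    Event("complete_training", "bob", 0),
    Event("complete_training", "carol", 1),
    Event("fail_phish_test", "bob", 3),      # bob is susceptible from t=4
    Event("pass_phish_test", "bob", 6),      # ...and recovers from t=7
    Event("training_expired", "alice", 8),   # alice's training lapses from t=9
]

if __name__ == "__main__":
    for t in range(11):
        print(t, f"{awareness_level(t, USERS, NARRATIVE):.2f}")
    print("below 0.75 at ticks:", below_target(USERS, NARRATIVE, 10, 0.75))
```

The forward computation in `state_at` is the inertia axiom made explicit: a fluent keeps holding until an event terminates it, so the awareness level changes only when a new happening (a completed course, a failed or passed phishing test, an expiry) enters the narrative. Replacing the dictionary rules with a rule engine such as JESS, and feeding the narrative from several remote agents, is the direction the abstract describes; the aggregation itself stays a function of the current state.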

Keywords

security awareness; evaluation methodology; security management; event calculus; JESS; JADE; multi-agent

References

  1. Rantos, K., Fysarakis, K., Manifavas, C.: How effective is your security awareness program? – An evaluation methodology. Information Security Journal: A Global Perspective 21(6), 328–345 (2012)
  2. Tryfonas, T., Kiountouzis, E., Poulymenakou, A.: Embedding security practices in contemporary information systems development approaches. Information Management & Computer Security 9(4), 183–197 (2001)
  3. Petroulakis, N.E., Askoxylakis, I.G., Tryfonas, T.: Life-logging in smart environments: Challenges and security threats. In: 2012 IEEE International Conference on Communications (ICC), June 10–15, pp. 5680–5684 (2012)
  4. Deloitte: Global Security Survey (2010)
  5. European Network and Information Security Agency (ENISA): The new users’ guide – How to raise InfoSec Awareness (2010)
  6. National Institute of Standards and Technology (NIST): Special Publication 800-50: Building an information technology security awareness and training program (2003)
  7. Kruger, H.A., Kearney, W.D.: A prototype for assessing information security awareness. Computers & Security 25, 289–296 (2006)
  8. Savola, R.: A Novel Security Metrics Taxonomy for R&D Organizations. In: Proceedings of the ISSA 2008 Innovative Minds Conference, ISSA 2008, Gauteng Region (Johannesburg), South Africa, July 7–9 (2008)
  9. National Institute of Standards and Technology (NIST): Special Publication 800-55, Revision 1: Performance Measurement Guide for Information Security (2008)
  10. National Institute of Standards and Technology (NIST): Special Publication 800-16: Information technology security training requirements: a role- and performance-based model (1998)
  11. Mueller, E.T.: Commonsense Reasoning. Morgan Kaufmann (2010)
  12. Patkos, T., Plexousakis, D.: DECKT: epistemic reasoning for ambient intelligence. ERCIM News Magazine – Special Theme: Intelligent and Cognitive Systems (84) (January 2011), http://ercim-news.ercim.eu/en84/special/deckt-epistemic-reasoning-for-ambient-intelligence
  13. Oracle-Java: JESS, the Rule Engine for the Java Platform, http://herzberg.ca.sandia.gov/
  14. Hatzivasilis, G.: Multi-agent distributed epistemic reasoning in ambient intelligence environments. Master Thesis, University of Crete, Computer Science Department, Heraklion, Crete, Greece – Foundation for Research and Technology – Hellas, Institute of Computer Science (FORTH-ICS) (November 2011), http://www.ics.forth.gr/_publications/Hatzivasilis_Master_Thesis.pdf
  15. JADE: Java Agent DEvelopment Framework (JADE), http://jade.tilab.com/
  16. FIPA-ACL: Agent Communication Language (ACL), http://en.wikipedia.org/wiki/Agent_Communication_Language
  17. Kruger, H.A., Kearney, W.D.: A prototype for assessing information security awareness. Computers & Security 25, 289–296 (2006)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Charalampos Manifavas (1)
  • Konstantinos Fysarakis (2)
  • Konstantinos Rantos (3)
  • George Hatzivasilis (2)
  1. Dept. of Informatics Engineering, Technological Educational Institute of Crete, Heraklion, Greece
  2. Dept. of Electronic & Computer Engineering, Technical University of Crete, Chania, Greece
  3. Dept. of Computer & Informatics Engineering, Eastern Macedonia and Thrace Institute of Technology, Kavala, Greece