A web-based information security awareness and training system

Abstract

Increasingly, most of the business environments today are more dependent on technology for various business processes. With the emerging of technology, information security has become a critical issue for most organizations. However, some organizations still find it difficult to address information security because of limited funds, resources, and expertise in the security field. The human factor continues to play a major role in information security. Most of the security attacks and vulnerabilities in organizations are aided by employees who have not been made aware of how to handle organizations’ information and to operate systems more securely. Despite the various technical and nontechnical security measures that could be put in place by an organization, employees remain the greatest security threat to information systems. Consequently, organizations in Uganda are being faced with the challenge of improving security awareness amongst the end-users. To ensure that employees can deal with the security attacks more efficiently, an effective and relevant security awareness training must be carried out regularly amongst the employees. This study adopted the agile development methodology to design and develop a web-based information system tailored specifically towards raising the level of security awareness in organizations amongst all employees, to address the shortcomings in the existing security awareness training tools. The web-based information system is accessed by employees to take assessments. The assessments are graded according to the performance and the weak areas according to the assessment are identified. The analysis from the assessments is used to address the identified security gaps through customizing security awareness training to address the specific employee security awareness needs.