Johan Van Niekerk

From information security to cyber security

The term cyber security is often used interchangeably with the term information security. This paper argues that, although there is a substantial overlap between cyber security and information security, these two concepts are not totally analogous. Moreover, the paper posits that cyber security goes beyond the boundaries of traditional information security to include not only the protection of information resources, but also that of other assets, including the person him/herself. In information security, reference to the human factor usually relates to the role(s) of humans in the security process. In cyber security this factor has an additional dimension, namely, the humans as potential targets of cyber attacks or even unknowingly participating in a cyber attack. This additional dimension has ethical implications for society as a whole, since the protection of certain vulnerable groups, for example children, could be seen as a societal responsibility.

Assessing information security culture: A critical analysis of current approaches

Todays businesses operate in an interconnected and global environment allowing them to collaborate with one another and share information resources. At the same time this interconnectivity exposes the organization to many internal (employees) and external threats. Internal threat is among the top information security issues facing organizations as the human factor is regarded the weakest link in the security chain. To address this “human factor” researchers have suggested the fostering of an information security culture to address the human behavior so that information security becomes a second nature to employees. An important step in the fostering of an information security culture is the assessment of the current state of the culture. This paper focuses on the analysis and comparison of current information security culture assessment approaches, to evaluate their suitability specific for use in the culture change process.

Sweetening the medicine: educating users about information security by means of game play

Employees of companies are often unable to work securely, because they lack knowledge in the field of Information Security. This paper is based on the premise that a computer game could be used to educate employees about Information Security. A game was developed with the aim of educating employees in this field of study. If people were motivated to play the game, without external motivation from an organisation, then these people would also be motivated to learn about information security. Therefore, a secondary aim of this game was to be self-motivating. An experiment was conducted in order to test whether or not these aims were met. The experiment was conducted on a play test group and a control group. The play test group played the game before completing a questionnaire, while the control group, simply, completed the questionnaire. This paper discusses the research design of the experiment and also provides an initial analysis of the results. The game design will be discussed which also provides guidelines for future game designers to follow.

The effectiveness of brain-compatible blended learning material in the teaching of programming logic

Abstract Blended learning is an educational approach which integrates seemingly distinct educational approaches, such as face-to-face and online experiences. In a blended learning environment the classroom lectures can, for example, be augmented with learning material offered in a variety of technologically delivered formats. There exist extensive evidence that a blended learning approach which mixes face-to-face and online learning materials is substantially more effective than using only face-to-face educational methods. However, in order to be effective, blended learning course material should still be designed and presented according to sound pedagogical principles. This article presents the results of an experiment to augment the teaching of fundamental programming logic based on the pedagogical principles underpinning brain-compatible learning materials via e-learning delivery mechanisms. The research uses both qualitative and quantitative methods. Results show promise for this use of brain-compatible material in a blended learning context.

Back to Basics: Information Security Education for the Youth via Gameplay

Cyber technology and information resources are both fundamental components of everybody’s daily life. This means that both society’s adults and youths are exposed to both the benefits and dangers that accompany these resources. Cyber security education is becoming a necessary precaution for individuals to learn how to protect themselves against the dangers of the technologies and resources. This is particularly important for the current and future youth who are the most technology literate generations. This paper presents a novel educational approach that can be used to introduce information security concepts to the youth from a very young age.

Snakes and ladders for digital natives: information security education for the youth

Purpose – This paper aims to educate the youth about information security. Cyber technologies and services are increasingly becoming integrated into individual’s daily lives. As such, individuals are constantly being exposed to the benefits and risks of these technologies. Cyber security knowledge and skills are becoming fundamental life skills for today’s users. This is particularly true for the current generation of digital natives. Design/methodology/approach – Within the design science paradigm, several case studies are used to evaluate the research artefact. Findings – The authors believe that the presented artefact could effectively convey basic information security concepts to the youth. Research limitations/implications – This study had a number of limitations. First, all the learner groups who participated in this study were too small to enable analysis of findings for statistical significance. Second, the data compiled on the long-term effectiveness of the game for Group B was incomplete. This l...

Using Bloom’s Taxonomy for Information Security Education

The importance of educating organizational end users about their roles and responsibilities towards information security is widely acknowledged. However, many current user education programs have been created by security professionals who do not necessarily have an educational background. This paper show how the use of learning taxonomies, specifically Bloom’s taxonomy, can improve such educational programs. It is the authors belief that proper use of this taxonomy will assist in ensuring the level of education is correct for the intended target audience.

A web-based Information Security Management Toolbox for small-to-medium enterprises in Southern Africa

Many small-to-medium sized enterprises are finding it extremely difficult to implement proper information security governance due to cost implications. Due to this lack of resources, small enterprises are experiencing challenges in drafting information security policies as well as monitoring their implementation and compliance levels. This problem can be alleviated by means of a cost effective ”dashboard system” and automated policy generation tool. This paper will critically evaluate an existing policy generation tool, known as the Information Security Management Toolbox, and will propose improvements to this existing system based on changes in both information security standards and business needs, since the development of the original system.

Evaluating the Cisco Networking Academy Program’s Instructional Model against Bloom’s Taxonomy for the Purpose of Information Security Education for Organizational End-Users

Organizational end-user information security end-user education is becoming increasingly more important in the current information society. Without the active co-operation of knowledgeable employees, organizations cannot effectively protect their valuable information resources. Most current information security educational programs lack a theoretical basis. This paper briefly examines the use of Bloom’s learning taxonomy to help address this lack of theoretical basis. The paper further investigates the applicability of the Cisco Networking Academy Program’s (CNAP) instructional model for the delivery of end-user information security instructional content, planned with the assistance of Bloom’s taxonomy.

Brain-compatible, web-based information security education: a statistical study

Purpose – This paper aims to demonstrate that learners prefer brain-compatible cyber security educational material, over traditional presentation methods. Design/methodology/approach – A prototype brain-compatible cyber security educational system was evaluated using a survey as a research instrument. Findings – Presenting cyber security material in a brain-compatible manner is an effective way in which to stimulate the learners’ interest, engages them in the learning experience and motivates them to learn. Originality/value – As far as could be determined, no previous studies showed the relevance of brain-compatible pedagogical techniques to cyber security education.