欢迎来到得力文库 - 分享文档赚钱的网站! | 帮助中心 好文档才是您的得力助手!
得力文库 - 分享文档赚钱的网站
全部分类
  • 研究报告 >
    研究报告
    其他报告 可研报告 医学相关 环评报告 节能报告 项目建议 论证报告 机械工程 设计方案 版权保护 对策研究 可行性报告 合同效力 饲养管理 给排水 招标问题
  • 管理文献 >
    管理文献
    管理手册 管理方法 管理工具 管理制度 事务文书 其他资料 商业计划书 电力管理 电信行业策划 产品策划 家电策划 保健医疗策划 化妆品策划 建材卫浴策划 酒水策划 汽车策划 日化策划 医药品策划 策划方案 财务管理 企业管理
  • 标准材料 >
    标准材料
    石化标准 机械标准 金属冶金 电力电气 车辆标准 环境保护 医药标准 矿产资源 建筑材料 食品加工 农药化肥 道路交通 塑料橡胶
  • 技术资料 >
    技术资料
    施工组织 技术标书 技术方案 实施方案 技术总结 技术规范 国家标准 行业标准 地方标准 企业标准 其他杂项
  • 教育专区 >
    教育专区
    高考资料 高中物理 高中化学 高中数学 高中语文 小学资料 幼儿教育 初中资料 高中资料 大学资料 成人自考 家庭教育 小学奥数 单元课程 教案示例
  • 应用文书 >
    应用文书
    工作报告 毕业论文 工作计划 PPT文档 图纸下载 绩效教核 合同协议 工作总结 公文通知 策划方案 文案大全 工作总结 汇报体会 解决方案 企业文化 党政司法 经济工作 工矿企业 教育教学 城建环保 财经金融 项目管理 工作汇报 财务管理 培训材料 物流管理 excel表格 人力资源
  • 生活休闲 >
    生活休闲
    资格考试 党风建设 休闲娱乐 免费资料 生活常识 励志创业 佛教素材
  • 考试试题 >
    考试试题
    消防试题 微信营销 升学试题 高中数学 高中政治 高中地理 高中历史 初中语文 初中英语 初中物理 初中数学 初中化学 小学数学 小学语文 教师资格 会计资格 一级建造 事业单位考试 语文专题 数学专题 地理专题 模拟试题库 人教版专题 试题库答案 习题库 初中题库 高中题库 化学试题 期中期末 生物题库 物理题库 英语题库
  • pptx模板 >
    pptx模板
    企业培训 校园应用 入职培训 求职竞聘 商业计划书 党政军警 扁平风格 创意新颖 动态模版 高端商务 工作办公 节日庆典 静态模板 卡通扁平 融资路演 述职竟聘 图标系列 唯美清新 相册纪念 政府汇报 中国风格 商业管理(英) 餐饮美食
  • 工商注册 >
    工商注册
    设立变更 计量标准 广告发布 检验检测 特种设备 办事指南 医疗器械 食药局许可
  • 期刊短文 >
    期刊短文
    信息管理 煤炭资源 基因工程 互联网 农业期刊 期刊 短文 融资类 股权相关 民主制度 水产养殖 养生保健
  • 图片设计 >
    图片设计
    工程图纸
  • 换一换
    首页 得力文库 - 分享文档赚钱的网站 > 资源分类 > DOCX文档下载
     

    The_impact_of_information_richness_on_information_.docx

    • 资源ID:1167       资源大小:169.14KB        全文页数:10页
    • 资源格式: DOCX        下载权限:游客/注册会员    下载费用:2金币 【人民币2元】
    快捷注册下载 游客一键下载
    会员登录下载
    三方登录下载: 微信快捷登录 QQ登录  
    下载资源需要2金币 【人民币2元】
    邮箱/手机:
    温馨提示:
    支付成功后,系统会自动生成账号(用户名和密码都是您填写的邮箱或者手机号),方便下次登录下载和查询订单;
    支付方式: 微信支付    支付宝   
    验证码:   换一换

     
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,既可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰   

    The_impact_of_information_richness_on_information_.docx

    See discussions, stats, and author profiles for this publication at https// The impact of ination richness on ination security awareness training effectiveness Article in Computers Education January 2009 DOI 10.1016/pedu.2008.06.011 Source DBLP CITATIONS 65 READS 985 4 authors, including Ruey-Shiang Shaw Tamkang University 13 PUBLICATIONS 243 CITATIONS Charlie C. Chen Appalachian State University 71 PUBLICATIONS 824 CITATIONS SEE PROFILE SEE PROFILE Albert Harris Appalachian State University 17 PUBLICATIONS 218 CITATIONS SEE PROFILE All content following this page was uploaded by Albert Harris on 25 August 2014. The user has requested enhancement of the downloaded file. All in-text references underlined in blue are added to the original document and are linked to publications on ResearchGate, letting you access and read them immediately. Computers Education 52 2009 92–100 Contents lists available at ScienceDirect Computers Education j o u r n al hom ep ag e www. el se vi er .com /l ocate / co mpe d u The impact of ination richness on ination security awareness training effectiveness R.S. Shaw a, Charlie C. Chen b, Albert L. Harris b,*, Hui-Jou Huang c a Department of Ination Management, Tamkang University, Taipei, Taiwan b Appalachian State University, Department of Computer Ination Systems, Boone, NC 28608, United States c HTC Corporation, Taipei, Taiwan a r t i c l e i n f o Article history Received 13 February 2008 Received in revised 26 June 2008 Accepted 27 June 2008 Keywords Ination richness Ination security Security awareness Hypermedia Multimedia Hypertext a b s t r a c t In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, ination security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made ination security awareness a top pri- ority. The three main barriers to ination security awareness are 1 general security awareness, 2 employees’ computer skills, and 3 organizational budgets. Online learning appears a feasible alternative to providing ination security awareness and countering these three barriers. Research has identified three levels of security awareness perception, comprehension and projection. This paper reports on a laboratory experiment that investigates the impacts of hypermedia, multimedia and hypertext to increase ination security awareness among the three awareness levels in an online training environ- ment. The results indicate that 1 learners who have the better understanding at the perception and comprehension levels can improve understanding at the projection level; 2 learners with text material per better at the perception level; and 3 learners with multimedia material per better at the comprehension level and projection level. The results could be used by educators and training designers to create meaningful ination security awareness materials. 2008 Elsevier Ltd. All rights reserved. 1. Introduction The perceived threats of security risks and the adoption of behaviors to minimize them are often not synchronized with each other when it comes to employee actions. A survey of more than 1000 teleworkers in 10 countries showed that regardless of the country, tele- workers tend to have a higher level of security awareness than their behavior shows Wireless News, 2006. Security awareness is the de- gree of understanding of users about the importance of ination security and their responsibilities and acts to rcise sufficient levels of ination security control to protect the organization’s data and networks. Some risk-prone behaviors that are aggravating security concerns include the sharing of corporate computing resources with non-employees, using corporate computing resources for non-work related tasks e.g. online shopping, and opening unknown e-mails and attachments. Most surveyed teleworkers receive more security awareness training than non-teleworker office employees and are bounded by corporate policy to secure their work. Despite these efforts, their actual behaviors in securing corporate networks and ination are less than adequate. This observation poses two important re- search questions. First, it is critical to continuously heighten the security awareness SA culture in organizations and translate this culture into actual security aware behaviors. Second, most SA training available to date may not be effective to bridge the gap between perception and behavior. Additional training alternatives are needed to more effectively bridge the gap. The size of networks continues to grow and, along with this growth, there is an increase of security risks. A longitudinal study on SA shows that, over the 2004–2006 time frames, the average loss and the number of reported security breaches were significantly reduced Lawrence, Loeb, Richardson, 2006. One major cause of this improvement in security problems is the continuous investment of small and medium sized firms in both ination security technology and SA programs Lawrence et al., 2006. Ination technology person- nel alone are not effective in stopping security breaches from happening; the security awareness of end users must be improved. * Corresponding author. Tel. 1 828 262 6180; fax 1 828 262 6190. E-mail address harrisalappstate.edu A.L. Harris. 0360-1315/ - see front matter 2008 Elsevier Ltd. All rights reserved. doi10.1016/pedu.2008.06.011 R.S. Shaw et al. / Computers Education 52 2009 92–100 93 The number of layers of technological defense can be as strong as possible. However, it takes only a minor mistake e.g. writing pass- words on a notepad, leaving the PC on without locking the door made by a user to undermine sophisticated security technology. Users with low security awareness are one of the weakest security loopholes. A robust awareness program is paramount to ensuring that people understand their IT security responsibilities, organizational policies, and how to properly use and protect the IT resources entrusted to them NIST SP 800-16, 1998. After receiving an effective SA program, the mindset of users should be able to progress from ‘‘become aware” to ‘‘be aware” to ‘‘stay aware” of security threats Schlienger Teufel, 2003. One of the critical success factors of a SA program is the relevance, timeliness, and consistency of security ination because infor- mation risk profiles never stop changing Kruger Kearney, 2006. Equally important is the delivery of the latest security ination in different ways e.g. newsletter, video, seminar and lecture so that users receive many different messages. As online learning technology makes rapid progress, many of its features e.g. e-mail broadcasting, online synchronous and asynchronous discussion, ination upload- ing, blogging, animation, and multimedia appear to be a feasible alternative to deliver SA programs. E-learning systems hold the promise of providing a vehicle for effective delivery of SA programs to everyone in an organization. Many challenges appear when trying to realize the true efficacy of an online SA program. A major challenge with SA programs is the lack of a fully developed ology to deliver them Valentine, 2006. Other challenges may include ● How should course materials be constructed to reflect the personal needs of a variety of end users ● How often should the ination be updated ● How does one manage the ination to help end users sense the urgency of security breach events ● How does one combine different features of online learning systems to develop an effective SA program The focus of this study was to provide insights on the influence of ination richness on the effectiveness of online SA programs. An integrative research model was proposed based on a thorough literature review. Hypotheses were constructed to examine the relationships among constructs of the research model. Media that varied in the degree of ination richness were the vehicles to deliver online SA programs. We compared four attributes – feedback compatibility, multiple cues, language variety, and personal focus – of ination rich- ness with respect to their influence on learning effectiveness of SA programs. We derived our findings based on statistical analysis of the data. Seven of the eight hypotheses were supported. 2. Conceptual foundations 2.1. The growing importance of a SA program in an organization In the emerging web savvy society, security vulnerabilities via intense online social activities e.g. myS; F, blog- ging, instant messaging, YouT, etc. are growing exponentially. Users engaging in online activities are equipped with varying and unequal levels of security awareness. This security awareness disparity has resulted in weak lines of ‘‘people” defense. Further aggravating the weak line is the continuous evolving of new risks and attacks to elude widely accepted security technology e.g. virus control, anti- spam software, and firewalls Claburn, 2005. As a result, the improvement of security awareness levels of general users needs to be one of today’s top security concerns. If not, no matter how much sophisticated security technology is deployed, a small human mistake e.g. releasing confidential ination to malicious attackers; or connecting a corporate laptop to unsecured wireless networks in an air- port can turn these technologies into defenseless targets. With peer-to-peer and group-to-group interactions becoming online social norms, ination security can never be stressed enough. Prominent web-related security risks range from stealing user ids and passwords to classified spamming, to privacy intrusion, to copyright violations. For those users not actively involving in an online social activity, security risks e.g. identity theft, password protection, etc. persistently exist. Users with low security awareness are often careless in handling personal and confidential ination, which includes the confidentiality, availability and integrity of personal ination Schneider Therkalsen, 1990. The source of security risks can orig- inate from software, hardware, network, technical skills, and casual computing. It is imperative that an organization trains users to be aware of security risk sources, and take corrective actions if vulnerabilities do occur. 2.2. Major challenges with the existing SA programs in enhancing SA levels of users Poor security behavior of many users e.g. user security errors, carelessness, and negligence has contributed to many security breaches. An increased number of organizations are recognizing the importance of having a SA program in place. Inherent in the success of a SA pro- gram is to ensure that employees achieve three levels of awareness of security risks perception, comprehension and projection. As more employees of an organization make progress along these three levels, the ‘‘people” side security can be heightened. The heightening of end user security awareness can help inculcate security cultures and values, thereby developing better security competency. However, the one- size-fits-all approach at both the organization-level and the individual-level has contributed to the varied perance of SA programs Valentine, 2006. It is essential to have a more consistent ology to tailor a SA program based on the levels of security awareness to be achieved. 2.2.1. Level 1 SA perception The first step towards securing an organization is to sense and detect potential security risks of its business environment. Perception is to achieve an understanding of the presence or awareness of a threat. The odds of ing a correct picture of security threats of the sur- roundings can be largely enhanced with the improvement of the perception of security awareness. One international firm adopted a phase- based global SA program and gradually rolled out an online and offline SA program. They were able to successfully enhance the perception of security awareness of more than 100,000 employees in 100 countries Power Forte, 2006. 94 R.S. Shaw et al. / Computers Education 52 2009 92–100 2.2.2. Level 2 SA comprehension The perception of the presence of security risks is insufficient to counterattack those identified risks. Security risks pose a wide variety of threats to an organization because of their natural differences. It is important for users to comprehend, understand, and assess the dangers posed by different security risks. The emphasis of training to improve the second SA level is to ensure that users know how to integrate ination from multiple sources and interpret them in the right direction. More importantly, users need to have the ability to dissem- inate ination that can assist users in combating the security risks in their surrounding environment Jones Endsley, 1996. The improvement of user comprehension of security risks can change the way people think about risks and controls. SA at level 2 can further ease the persuasion and argumentation process that is inherent in getting company-wide attention Highland, 1995. 2.2.3. Level 3 SA projection Prevention is better than cure. To prevent potential risks from occurring, end users need to have the ability to project or predict the future course of security attacks. Projection is the third level of improvement in security awareness. The ability to anticipate future situ- ational events indicates that users have the highest level of understanding of their surroundings. Timely decisions can be made with the readiness of the projection ability. In the fields of air traffic control, power plant operations, maintenance, and medicine, most skilled ex- perts are well equipped with the ability to project future conditions Endsley Garland, 2000. The ultimate goal of an effective SA program is to prepare users with the ability of projecting potential security risks. Given the three levels of security awareness, two hypotheses were developed for investigation. They were Hypothesis 1 Users with a higher perception level of security risks are more likely to have a higher comprehension level of these risks. Hypothesis 2 Users with a higher comprehension level of security risks are more likely to have a better ability to project potential secu- rity risks. 2.3. E-learning systems as a feasible alternative to deliver SA programs Many users find existing SA programs boring and ineffective Leach Behaviour, 2003. The Web is an ideal vehicle to deliver online SA programs to overcome the learning ineffectiveness. Course materials in digital ats can be so diverse that they can be developed to raise the learning interest

    注意事项

    本文(The_impact_of_information_richness_on_information_.docx)为本站会员(admin)主动上传,得力文库 - 分享文档赚钱的网站仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知得力文库 - 分享文档赚钱的网站(发送邮件至8877119@qq.com或直接QQ联系客服),我们立即给予删除!

    温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。




    关于得利文库 - 版权申诉 - 免责声明 - 上传会员权益 - 联系我们

    工信部备案号:黑ICP备15003705号-8 |经营许可证:黑B2-20190332号 |营业执照:91230400333293403D|公安局备案号:备案中

    © 2017-2019 www.deliwenku.com 得利文库. All Rights Reserved 黑龙江转换宝科技有限公司  


    收起
    展开