Information Security Awareness资讯安全认知知识讲稿.ppt

Information Security Awareness資訊安全認知 4 Problems Why ING needs the information security platform ? What are the differences between e-learning and information security platform ? 5 Systems Development inInformation Systems Research JAY F. NUNAMAKER, JR., MINDER CHEN, and TITUS D. M. PURDIN Journal of Management Information Systems I Winter 1990-91, Vol. 7, No, 3, pp. 89-106. 6 The Integrated Framework of Information Security Awareness Information Security Awareness Platform Evaluation of Organizational Information Security Awareness Materials and Methods for Information Security Awareness 7 Situation Awareness 決策 行為成效 情 境 認 知 未來預測 Level 3 現況了解 Level 2 元素知覺 Level 1 系統功能 介面設計 壓力/工作負荷 複雜度 自動化 目標 預期 環境 狀況 能力 經驗 訓練 個人因素 作業或系統 因素 長期記憶 自動性 資訊處理機制 Endsley, M.R. and Garland D.J (Eds.) (2000) Situation Awareness Analysis and Measurement. Mahwah , NJ：Lawrence Erlbaum Associates, 8 Research Design What is your opinion? 9 The Evaluation Form of Information Security Awareness PART I: Laws and Regulations 1.1 Laws and Regulations 1.1.1 I understand the meaning of ‘the basic policy structure for IT security in the Federal government’ in the concept of ‘Laws and Regulations.’ 1.2 Policies and Procedures 1.2.1 I understand the meaning of ‘IT security safeguards are intended to achieve specific control objectives’ in the concept of ‘Policies and Procedures.’ 1.2.2 I understand the meaning of ‘procedures define the technical and procedural safeguards that have been implemented to enforce the specified policies’ in the concept of ‘Policies and Procedures.’ 10 NIST SP800-16 ABC’s OF INFORMATION TECHNOLOGY SECURITY A Assets – Something of value requiring protection (hardware, software, data, reputation) B Backup – The three most important safeguards – backup, backup, backup C Countermeasures and Controls – Prevent, detect, and recover from security incidents D DAA and Other Officials – Mana