A Study of the Development of Information Security Awareness Scale Using AHP and Delphi Methods


Bibliographic Details
Main Authors: Chih-pin Wang, 王志斌
Other Authors: Rei-yao Wu
Format: Others
Language: zh-TW
Published: 2009
Online Access: http://ndltd.ncl.edu.tw/handle/08331237321397412416
Description
Summary: Master's thesis === Shih Hsin University === Graduate Institute of Information Management (including in-service master's program) === 97 === Nowadays, the human factor arising from “personnel” is the most important factor in information security incidents. To improve each user's cognitive ability and to prevent information security events, users need sound training based on their learning of information security awareness. In this thesis, based on NIST SP 800-16 (Information Technology Security Training Requirements: A Role- and Performance-Based Model) and NIST 800-50 (Building an Information Technology Security Awareness and Training Program), the AHP and Delphi methods are applied to design an “Information Security Awareness Scale” for all types of organizations. The Information Security Awareness Scale can serve as a reference for information security education and training plans. From its practical application in a government organization, we draw the conclusions listed below. First, for the employees in the government organization, the two items “Law and Regulations” and “The Organization and IT Security” have the higher weights among the nine criticized items in the Information Security Awareness Scale. However, the three items “Acquisition/Development/Installation/Implementation Controls”, “Technical Controls” and “Sensitivity” have the lower weights in the Information Security Awareness Scale. Second, the cognitive ability for “The Organization and IT Security” is improved by the implementation of the information security training. However, there is no prominent improvement in the cognitive abilities for “Law and Regulations”, “Risk Management” and “Acquisition/Development/Installation/Implementation Controls”.
Finally, for the employees in the government organization, the items “Law and Regulations”, “Countermeasures and Control”, “Expect the Unexpected”, “Need to Know”, “Security Training”, “DAA and other Officials”, “Backup”, “Quality Assurance/Quality Control” and “Unique Identifiers” have the lower weights among the twenty-four conceptual items in the Information Security Awareness Scale.