A Framework to Assess the Computer Security Skills of People in the Information Society
The so-called Information Society is founded on information and communication technologies (ICT). A wide variety of people use ICT to create, distribute, consume and manipulate information in a daily basis. Although there are experts skilled in security issues, most ICT users have not got a vast knowledge and understanding of the risks that a wrong employment of ICT might imply. Notwithstanding, it is not apparent how to measure the actual level of awareness of the users and their computer security skills. With the aim to address this problem, we propose a framework to assess the computer security skills of ICT users. First, we identify a set of assessment areas to consider. Second, we define the indicators that allow the computation of area indexes with which we can value the computer security skills of ICT users. Our proposal has been tested in practice and we present the study and the obtained results. Thanks to the proposed framework, it is possible to gather precise information about the security understanding of people. As a result of this knowledge, specific actions could be taken on the analysed subjects. Thus, we provide a comprehensive analysis tool for IT managers, CTO and e-Government experts interested in improving the computer security skills of their staffs within their departments, companies and administrations.
Authors: Antoni Martínez-Ballesté, Juan Francisco Martínez-Cerda, Agusti Solanas.
Publication date: 2013/1/1
Journal: Proceedings of the World Congress on Engineering