scholarly journals IMPLEMENTATION OF MACHINE LEARNING FOR HUMAN ASPECT IN INFORMATION SECURITY AWARENESS

2021 ◽  
pp. 1-17
Author(s):  
Valentina Siwi Saridewi ◽  
Riri Fitri Sari
Keyword(s):  
Machine Learning ◽  
Information Security ◽  
Confusion Matrix ◽  
Classification Model ◽  
Support Vector ◽  
Security Awareness ◽  
Operating Characteristics ◽  
Information Security Awareness ◽  
Human Aspects ◽  
Human Aspect

This research discussed our experienced on building a machine learning model on the human aspect of information security awareness. The model was built through a classification and clustering approach using a broad outline process including importing data, handling incomplete data, compiling datasets, feature scaling, building models, and evaluating models. The dataset was arranged based on the results of a questionnaire referred to as the the Human Aspects of Information Security Questionnaire (HAIS-Q) to Indonesian society. The results of the classification model were evaluated by several methods, including k-fold Cross Validation analysis, Confusion Matrix, Receiver Operating Characteristics, and score calculation for each model. One of the algorithms in the classification used is the Support Vector Machine that has an accuracy performance of 99.7% and an error rate of 0.3%. One of the algorithms in clustering is the DBSCAN which has an adjusted rand index value of always close to 0.

Matching training to individual learning styles improves information security awareness

2019 ◽  
Vol 28 (1) ◽  
pp. 1-14 ◽  
Author(s):  
Malcolm Pattinson ◽  
Marcus Butavicius ◽  
Meredith Lillie ◽  
Beau Ciccarello ◽  
Kathryn Parsons ◽  
...  
Keyword(s):  
Information Security ◽  
Learning Styles ◽  
Cyber Security ◽  
Security Awareness ◽  
Content Type ◽  
Information Security Awareness ◽  
Security Controls ◽  
Human Aspects ◽  
Security Training ◽  
Different Types

Purpose This paper aims to introduce the concept of a framework of cyber-security controls that are adaptable to different types of organisations and different types of employees. One of these adaptive controls, namely, the mode of training provided, is then empirically tested for its effectiveness. Design/methodology/approach In total, 1,048 working Australian adults completed the human aspects of the information security questionnaire (HAIS-Q) to determine their individual information security awareness (ISA). This included questions relating to the various modes of cyber-security training they had received and how often it was provided. Also, a set of questions called the cyber-security learning-styles inventory was used to identify their preferred learning styles for training. Findings The extent to which the training that an individual received matched their learning preferences was positively associated with their information security awareness (ISA) level. However, the frequency of such training did not directly predict ISA levels. Research limitations/implications Further research should examine the influence of matching cyber-security learning styles to training packages more directly by conducting a controlled trial where the training packages provided differ only in the mode of learning. Further research should also investigate how individual tailoring of aspects of an adaptive control framework (ACF), other than training, may improve ISA. Practical implications If cyber-security training is adapted to the preferred learning styles of individuals, their level of ISA will improve, and therefore, their non-malicious behaviour, whilst using a digital device to do their work, will be safer. Originality/value A review of the literature confirmed that ACFs for cyber-security does exist, but only in terms of hardware and software controls. There is no evidence of any literature on frameworks that include controls that are adaptable to human factors within the context of information security. In addition, this is the first study to show that ISA is improved when cyber-security training is provided in line with an individual’s preferred learning style. Similar improvement was not evident when the training frequency was increased suggesting real-world improvements in ISA may be possible without increasing training budgets but by simply matching individuals to their desired mode of training.

Managing information security awareness at an Australian bank: a comparative study

2017 ◽  
Vol 25 (2) ◽  
pp. 181-189 ◽  
Author(s):  
Malcolm Pattinson ◽  
Marcus Butavicius ◽  
Kathryn Parsons ◽  
Agata McCormac ◽  
Dragana Calic
Keyword(s):  
Information Security ◽  
Learning Styles ◽  
International Standards ◽  
Future Research ◽  
Security Awareness ◽  
Web Based ◽  
Content Type ◽  
Information Security Awareness ◽  
Human Aspects ◽  
Major Factors

Purpose The aim of this study was first to confirm that a specific bank’s employees were generally more information security-aware than employees in other Australian industries and second to identify the major factors that contributed to this bank’s high levels of information security awareness (ISA). Design/methodology/approach A Web-based questionnaire (the Human Aspects of Information Security Questionnaire – HAIS-Q) was used in two separate studies to assess the ISA of individuals who used computers at their workplace. The first study assessed 198 employees at an Australian bank and the second study assessed 500 working Australians from various industries. Both studies used a Qualtrics-based questionnaire that was distributed via an email link. Findings The results showed that the average level of ISA among bank employees was consistently 20 per cent higher than that among general workforce participants in all focus areas and overall. There were no significant differences between the ISA scores for those who received more frequent training compared to those who received less frequent training. This result suggests that the frequency of training is not a contributing factor to an employee’s level of ISA. Research limitations/implications This current research did not investigate the information security (InfoSec) culture that prevailed within the bank in question because the objective of the research was to compare a bank’s employees with general workforce employees rather than compare organisations. The Research did not include questions relating to the type of training participants had received at work. Originality/value This study provided the bank’s InfoSec management with evidence that their multi-channelled InfoSec training regime was responsible for a substantially higher-than-average ISA for their employees. Future research of this nature should examine the effectiveness of various ISA programmes in light of individual differences and learning styles. This would form the basis of an adaptive control framework that would complement many of the current international standards, such as ISO’s 27000 series, NIST’s SP800 series and ISACA’s COBIT5.

scholarly journals A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

2017 ◽  
Vol 21 ◽  
Author(s):  
Agata McCormac ◽  
Dragana Calic ◽  
Marcus Butavicius ◽  
Kathryn Parsons ◽  
Tara Zwaans ◽  
...  
Keyword(s):  
Information Security ◽  
Security Awareness ◽  
Cultural Changes ◽  
Information Security Awareness ◽  
Training Interventions ◽  
Human Aspects ◽  
Current State ◽  
Awareness Programs ◽  
Test Retest Reliability ◽  
Security Incidents

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed. 

scholarly journals Classification model for accuracy and intrusion detection using machine learning approach

2021 ◽  
Vol 7 ◽  
pp. e437
Author(s):  
Arushi Agarwal ◽  
Purushottam Sharma ◽  
Mohammed Alshehri ◽  
Ahmed A. Mohamed ◽  
Osama Alfarraj
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Nearest Neighbor ◽  
Performance Metrics ◽  
Detection System ◽  
Confusion Matrix ◽  
Machine Learning Algorithms ◽  
Classification Model ◽  
Support Vector ◽  
K Nearest Neighbor

In today’s cyber world, the demand for the internet is increasing day by day, increasing the concern of network security. The aim of an Intrusion Detection System (IDS) is to provide approaches against many fast-growing network attacks (e.g., DDoS attack, Ransomware attack, Botnet attack, etc.), as it blocks the harmful activities occurring in the network system. In this work, three different classification machine learning algorithms—Naïve Bayes (NB), Support Vector Machine (SVM), and K-nearest neighbor (KNN)—were used to detect the accuracy and reducing the processing time of an algorithm on the UNSW-NB15 dataset and to find the best-suited algorithm which can efficiently learn the pattern of the suspicious network activities. The data gathered from the feature set comparison was then applied as input to IDS as data feeds to train the system for future intrusion behavior prediction and analysis using the best-fit algorithm chosen from the above three algorithms based on the performance metrics found. Also, the classification reports (Precision, Recall, and F1-score) and confusion matrix were generated and compared to finalize the support-validation status found throughout the testing phase of the model used in this approach.

“What about users?”: Development and validation of the mobile information security awareness scale (MISAS)

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fatih Erdoğdu ◽  
Seyfullah Gökoğlu ◽  
Mehmet Kara
Keyword(s):  
Factor Analysis ◽  
Information Security ◽  
Instant Messaging ◽  
Prototype Model ◽  
Security Awareness ◽  
Technical Aspects ◽  
Content Type ◽  
Information Security Awareness ◽  
Human Aspects ◽  
Mobile Information

PurposeThe current study aimed to develop and validate Mobile Information Security Awareness Scale (MISAS) based on the prototype model for measuring information security awareness and the relevant literature.Design/methodology/approachThe scale was developed and validated with the participation of 562 students from four universities. The construct validity of the scale was tested through exploratory factor analysis and confirmatory factor analysis.FindingsThe reliability of the scale was tested through corrected item-total correlations and Cronbach alpha. The MISAS includes six factors and 17 items. The identified factors were labeled as backup, instant messaging and navigation, password protection, update, access permission and using others' devices.Research limitations/implicationsThe scale included only the human aspects of mobile information security. The technical aspects are not within the scope of this study. For this reason, future studies might develop and validate a different scale focusing on the technical aspects of mobile information security.Originality/valueThe developed scale contributes to the literature on the human aspects of mobile information security.

The effect of resilience and job stress on information security awareness

2018 ◽  
Vol 26 (3) ◽  
pp. 277-289 ◽  
Author(s):  
Agata McCormac ◽  
Dragana Calic ◽  
Kathryn Parsons ◽  
Marcus Butavicius ◽  
Malcolm Pattinson ◽  
...  
Keyword(s):  
Information Security ◽  
Job Stress ◽  
The Body ◽  
Future Research ◽  
Security Awareness ◽  
Content Type ◽  
Information Security Awareness ◽  
Positive Effects ◽  
Human Aspects ◽  
The Relationship

Purpose The purpose of this study was to investigate the relationship between resilience, job stress and information security awareness (ISA). The study examined the effect of resilience and job stress on the three components that comprise ISA, namely, knowledge, attitude and behaviour. Design/methodology/approach A total of 1,048 working Australians completed an online questionnaire. ISA was measured with the Human Aspects of Information Security Questionnaire. Participants also completed the Brief Resilience Scale and the Job Stress Scale. Findings It was found that participants with greater resilience also had higher ISA and experienced lower levels of job stress. More specifically, individuals who reported higher levels of resilience had significantly better knowledge, attitude and behaviour. Similarly, participants who reported lower levels of job stress also reported significantly better knowledge, attitude and behaviour. Resilience plays an important mediating role in the relationship between job stress and ISA. This means that even if people have high levels of job stress, if they are better able to cope with or adapt to stress (i.e. have higher resilience), they are less likely to have lower ISA. Results of this study add to the body of literature emphasising the positive effects of resilience and suggest that resilience is associated with improved ISA and therefore more secure behaviour. Research limitations/implications Future research should focus on assessing the influence of resilience training in the workplace. Originality/value Given the constructive findings, it may be valuable to focus on the effect of organisational culture, and organisational security culture, on resilience, job stress and ISA.

scholarly journals Applications of Machine Learning for the Classification of Porcine Reproductive and Respiratory Syndrome Virus Sublineages Using Amino Acid Scores of ORF5 Gene

2021 ◽  
Vol 8 ◽  
Author(s):  
Jeonghoon Kim ◽  
Kyuyoung Lee ◽  
Ruwini Rupasinghe ◽  
Shahbaz Rezaei ◽  
Beatriz Martínez-López ◽  
...  
Keyword(s):  
Machine Learning ◽  
Phylogenetic Analysis ◽  
Amino Acid ◽  
Random Forest ◽  
Real Time ◽  
Classification Model ◽  
Support Vector ◽  
Operating Characteristics ◽  
Orf5 Gene

Porcine reproductive and respiratory syndrome is an infectious disease of pigs caused by PRRS virus (PRRSV). A modified live-attenuated vaccine has been widely used to control the spread of PRRSV and the classification of field strains is a key for a successful control and prevention. Restriction fragment length polymorphism targeting the Open reading frame 5 (ORF5) genes is widely used to classify PRRSV strains but showed unstable accuracy. Phylogenetic analysis is a powerful tool for PRRSV classification with consistent accuracy but it demands large computational power as the number of sequences gets increased. Our study aimed to apply four machine learning (ML) algorithms, random forest, k-nearest neighbor, support vector machine and multilayer perceptron, to classify field PRRSV strains into four clades using amino acid scores based on ORF5 gene sequence. Our study used amino acid sequences of ORF5 gene in 1931 field PRRSV strains collected in the US from 2012 to 2020. Phylogenetic analysis was used to labels field PRRSV strains into one of four clades: Lineage 5 or three clades in Linage 1. We measured accuracy and time consumption of classification using four ML approaches by different size of gene sequences. We found that all four ML algorithms classify a large number of field strains in a very short time (<2.5 s) with very high accuracy (>0.99 Area under curve of the Receiver of operating characteristics curve). Furthermore, the random forest approach detects a total of 4 key amino acid positions for the classification of field PRRSV strains into four clades. Our finding will provide an insightful idea to develop a rapid and accurate classification model using genetic information, which also enables us to handle large genome datasets in real time or semi-real time for data-driven decision-making and more timely surveillance.

scholarly journals Predictive Modelling of Employee Turnover in Indian IT Industry Using Machine Learning Techniques

2019 ◽  
Vol 23 (1) ◽  
pp. 12-21 ◽  
Author(s):  
Shikha N. Khera ◽  
Divya
Keyword(s):  
Machine Learning ◽  
Learning Algorithm ◽  
Confusion Matrix ◽  
Predictive Modelling ◽  
Supervised Machine Learning ◽  
Machine Learning Techniques ◽  
Support Vector ◽  
It Industry ◽  
Knowledge Based ◽  
Employee Attrition

Information technology (IT) industry in India has been facing a systemic issue of high attrition in the past few years, resulting in monetary and knowledge-based loses to the companies. The aim of this research is to develop a model to predict employee attrition and provide the organizations opportunities to address any issue and improve retention. Predictive model was developed based on supervised machine learning algorithm, support vector machine (SVM). Archival employee data (consisting of 22 input features) were collected from Human Resource databases of three IT companies in India, including their employment status (response variable) at the time of collection. Accuracy results from the confusion matrix for the SVM model showed that the model has an accuracy of 85 per cent. Also, results show that the model performs better in predicting who will leave the firm as compared to predicting who will not leave the company.

Sign in / Sign up

Export Citation Format

Share Document