WO2018070887A1 - A method for auditing the state of knowledge, skills and prudence and for motivating employees - Google Patents

A method for auditing the state of knowledge, skills and prudence and for motivating employees Download PDF

Info

Publication number
WO2018070887A1
WO2018070887A1 PCT/PL2016/000118 PL2016000118W WO2018070887A1 WO 2018070887 A1 WO2018070887 A1 WO 2018070887A1 PL 2016000118 W PL2016000118 W PL 2016000118W WO 2018070887 A1 WO2018070887 A1 WO 2018070887A1
Authority
WO
WIPO (PCT)
Prior art keywords
employees
security
employee
awareness
auditing
Prior art date
Application number
PCT/PL2016/000118
Other languages
French (fr)
Inventor
Jakub REJMAN
Original Assignee
Esecure Sp. Z O.O.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Esecure Sp. Z O.O. filed Critical Esecure Sp. Z O.O.
Priority to GBGB1717186.9A priority Critical patent/GB201717186D0/en
Publication of WO2018070887A1 publication Critical patent/WO2018070887A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/107Computer-aided management of electronic mailing [e-mailing]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/01Social networking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect

Definitions

  • the invention relates to a method for auditing the state of knowledge, skills and prudence of employees and motivating them under the "security awareness" programme using security audit.
  • a method is known for running social engineering tests automatically using the SAVA system, which, however, is burdened with the following difficulties: How to send phishing e-mails so as to prevent the security system of the corporate e-mail server (including anti-spam) from blocking such e-mails? How to send phishing SMS? How to build websites so that they are trustworthy (e.g. available by their DNS name and not the IP address)?
  • Another difficulty which needs to be tackled is the evaluation of the social engineering test, i.e. a reliable determination whether the employee received a positive or negative result of the audit.
  • the essence of the invention consists in creating algorithms for automated auditing of employees where a virtual mentor based on model incentive programmes creates individual incentive programmes for employees and management staff, then based on the awai-eness building matrix and the education requirements matrix establishes a list including a report on attacks against the computer and makes changes in the matrix.
  • the security audit under the "security awareness" programme requires preparation of appropriate tools and scenarios for social engineering tests. Each person undergoing a security test will have the opportunity to check their resistance to social engineering tricks. Analysis of proceeding particularly in the cases involving a negative result is the basis to bring to special attention specific techniques that the client fell victim to.
  • the rules for automated generation of guidelines to motivate employees under the "security awareness” programme based on the results of the audit of the employees have been resolved so that the range includes guidelines various groups of employees, i.e.: all employees, managers and IT staff responsible for the maintenance of technical security against threats targeted against users.
  • SAVA e-learning platform will present in an interactive for simulation tasks to perform. This will be implemented after the employees become familiar with the knowledge on the risks that they may encounter when using IT services.
  • Fig. 1 shows a flowchart of auditing employee security
  • Fig. 2 shows the functions of motivation development
  • Fig. 3 shows the functions of awareness building
  • Fig. 4 shows the algorithm for the security audit with the matrix.
  • Fig. 1 shows components of the SAVA system essential for auditing employee security and generating guidelines to motivate employees under the "security awareness" programme based on the results of the employee audit:
  • Example of a table of individual employee training programme Example of a table of individual employee training programme.
  • the awareness building function F 3 based on the audit modifies the education requirements matrix 5 accordingly and thereby orders repeated training in the "security awareness" issue, to which the negatively completed security audit of the employee related.
  • Fig. 1 shows elements of the SAVA system essential for generating guidelines to motivate employees under the "security awareness” programme based on the results of the employee audit, e.g.: F BS - awareness building function 3, F RM - motivation development function 8 and Employee Notification Module 7.
  • Fig. 2 The principle of creating guidelines to motivate employees in the SAVA system is shown in Fig. 2.
  • incentive programmes will be available for employees and management staff, including the ⁇ Disciplining" programme, where the employee's superior should have an educational talk with the employee in a situation when employee's behaviour threatens the security of the organisation (e.g. the employee received a negative result of a retaken security audit).
  • the "Virtual Mentor” 6 sends information to employees' superiors and directly to employees upon occurrence of various events (e.g. poor audit results).
  • Below algorithms have been included for the motivation development function F RM 8 essential for the interaction of the "Virtual Mentor” 6 with employees' superiors in the scope of sending guidelines to motivate employees.
  • the "Virtual Mentor” 6 sends guidelines to the employee's superior in the following situation, when employees received low scores of the E-mail Phishing and SMS Phishing mature behaviour index. Employee's superior should have an educational talk with the employee. Such employee behaviour threatens the security of the organisation.
  • the SAVA system will send recommendations relating to employee groups as follows: Every 5 days, the "Virtual Mentor” 6, based on the formulaTable of individual employee auditing" (see below) will establish a list of employees of particular organisational units, who for the last 5 days received a negative result of the retaken security audit. The "Virtual Mentor” 6 will send to each superior a list of e-mail addresses of his/her employees, specified in section 1 including a recommendation to have a serious educational talk.
  • the "Virtual Mentor” 6 will send as guidelines information on the consequences of security breaches that may be produced due to a negative employee behaviour, i.e.: consequences for the employee, such as financial losses, identity theft, loss of confidence of the superior and colleagues, or even disciplinary proceedings as well as the consequences for the company, such as loss of funds, long-term financial losses or bankruptcy, short-term financial losses due to the disrupted availability of key IT services, penalties for breach of confidentiality agreements, legal requirements and other regulations, reduced profits due to the loss of good image, reputation and confidence of customers and partners (some customers leaving to the competition), reduced profits due to restricted business activity or reduced profits due to valuable employees leaving the company.
  • consequences for the employee such as financial losses, identity theft, loss of confidence of the superior and colleagues, or even disciplinary proceedings as well as the consequences for the company, such as loss of funds, long-term financial losses or bankruptcy, short-term financial losses due to the disrupted availability of key IT services, penalties for breach of confidentiality agreements, legal requirements and other regulations, reduced profits due to the loss of good image, reputation and confidence
  • the SAVA system of the invention will send recommendations relating to employee groups as follows: Every 20 days, the "Virtual Mentor” 6, based on the spiritTable of performance metrics of the "security awareness "programme”vA ⁇ analyse mature behaviour indices from the last 20 days and detect the following situations:
  • the "Virtual Mentor” 6 When sending guidelines to motivate employees, the "Virtual Mentor” 6 should pay attention to who will be the object of motivation. As regards IT security, usually different arguments get to management staff compared to regular company employees. The "Virtual Mentor” 6, based on model incentive programmes, will create individual incentive programmes. Below are incentive programmes for employees and management staff essential for the Security Audit Module 2.
  • the SAVA system will send recommendations relating to employee groups as follows: every 5 days, the "Virtual Mentor" 6, based on the spiritAwareness building matrix” will establish a list of employees of particular organisational units, for whom the value of the field "Report on attacks against the user's computer” is 1.
  • the "Virtual Mentor” 6 will send to each superior a list of e-mail addresses of his/her employees, specified in section 1, along with guidelines to provide them with recommendations on cautious behaviour when facing intensified criminal activity.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Computer Security & Cryptography (AREA)
  • Tourism & Hospitality (AREA)
  • Economics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method for auditing the state of knowledge, skills and prudence of employees and motivating them under the "security awareness" programme is characterised in that algorithms are created for automatically auditing employees under the "security awareness" adaptation programme (1), where a virtual mentor (6) based on model incentive programmes of a security audit (2) creates individual incentive programmes for employees and management staff. Then the virtual mentor (6) based on the awareness building matrix (4) and education requirements matrix (5) establishes a list including a report on attacks on the computer and makes changes in the matrix. Then the virtual mentor (6) develops a motivation development function (8) and transmits through a employee (7) notification module.

Description

A method for auditing the state of knowledge, skills
and prudence and for motivating employees
The invention relates to a method for auditing the state of knowledge, skills and prudence of employees and motivating them under the "security awareness" programme using security audit. A method is known for running social engineering tests automatically using the SAVA system, which, however, is burdened with the following difficulties: How to send phishing e-mails so as to prevent the security system of the corporate e-mail server (including anti-spam) from blocking such e-mails? How to send phishing SMS? How to build websites so that they are trustworthy (e.g. available by their DNS name and not the IP address)? Another difficulty which needs to be tackled is the evaluation of the social engineering test, i.e. a reliable determination whether the employee received a positive or negative result of the audit. Automated evaluation of the results of social engineering tests in the SAVA system at the stage of implementation of the application encounters the following difficulties: How to assess whether the tested employee entered a website? How to assess whether the tested employee opened a document? How to assess whether the tested employee shared sensitive data? Social engineering tests under the "security awareness" programme are designed to check whether the knowledge transferred to employees during training is applied by them in practice and whether the obligations of data protection are taken seriously by them. Also, the training is designed to transfer the knowledge on how to recognise social engineering attacks and develop procedures for the employees to follow in such cases. An equally important task is to make the employee understand the importance of the data in their possession. The employee security audit should be carried out using the same methods as those used by criminals, albeit maintaining ethical principles (the so-called Ethical Hacking). The essence of the invention consists in creating algorithms for automated auditing of employees where a virtual mentor based on model incentive programmes creates individual incentive programmes for employees and management staff, then based on the awai-eness building matrix and the education requirements matrix establishes a list including a report on attacks against the computer and makes changes in the matrix.
The security audit under the "security awareness" programme requires preparation of appropriate tools and scenarios for social engineering tests. Each person undergoing a security test will have the opportunity to check their resistance to social engineering tricks. Analysis of proceeding particularly in the cases involving a negative result is the basis to bring to special attention specific techniques that the client fell victim to. The rules for automated generation of guidelines to motivate employees under the "security awareness" programme based on the results of the audit of the employees have been resolved so that the range includes guidelines various groups of employees, i.e.: all employees, managers and IT staff responsible for the maintenance of technical security against threats targeted against users. SAVA e-learning platform will present in an interactive for simulation tasks to perform. This will be implemented after the employees become familiar with the knowledge on the risks that they may encounter when using IT services.
The object of the invention has been outlined as to its embodiment in the schematic drawings wherein Fig. 1 shows a flowchart of auditing employee security, Fig. 2 shows the functions of motivation development, Fig. 3 shows the functions of awareness building, Fig. 4 shows the algorithm for the security audit with the matrix.
Fig. 1 shows components of the SAVA system essential for auditing employee security and generating guidelines to motivate employees under the "security awareness" programme based on the results of the employee audit:
1- adaptation "security awareness" programme of the employee,
2- security audit module,
3- F(BS) - awareness building function,
4- S(b) - awareness building matrix,
5- K(b) - education requirements matrix,
6- Virtual Mentor,
7- employee notification module,
8- F(RM) - motivation development function
Based on the functions available and elements of the SAVA computer system, algorithms have been developed for automated employee auditing under the "security awareness" programme. The SAVA system keeps in the database data relevant for the security audit module 2.
Example of a table of individual employee training programme.
Figure imgf000004_0001
Figure imgf000005_0003
Repeated training and retaken social engineering tests will be carried out in the SAVA computer system for the employees who have achieved poor results of the security audit. The awareness building function F 3 based on the audit modifies the education requirements matrix 5 accordingly and thereby orders repeated training in the "security awareness" issue, to which the negatively completed security audit of the employee related.
Figure imgf000005_0001
"Virtual Mentor" 6 for employees who have received a negative result of the retaken security audit sends notifications 7 to their superiors with the recommendation to motivate employees to change inappropriate behaviour. In the event of a positive result, it adjusts the education requirements matrix 5 accordingly.
Figure imgf000005_0002
Automated generation of guidelines to motivate employees under the "security awareness" programme (in relation to employee auditing) is based on methods developed for the interaction of the "Virtual Mentor" module 6 with the superiors of the employees to provide guidelines to motivate employees. Fig. 1 shows elements of the SAVA system essential for generating guidelines to motivate employees under the "security awareness" programme based on the results of the employee audit, e.g.: FBS - awareness building function 3, FRM - motivation development function 8 and Employee Notification Module 7.
Interaction of the"Virtual Mentor" 6 with employees' superiors will be carried out mainly using the awareness building function FBS 3 and the motivation development function FRM 8. As regards employee auditing, the following situations where the "Virtual Mentor" 6 sends notifications 7 to employees' superiors and directly to employees:
- The employee received a negative result of a retaken security audit 2 (i.e. demonstrated a negative behaviour during the security audit 2 and the retaken audit). Employee's superior should have an educational talk with the employee. Such employee behaviour threatens the security of the organisation. The "Virtual Mentor" 6 sends notifications 7 to employees' superiors.
- Employees received low scores of the E-mail Phishing and SMS Phishing mature behaviour index. Disparaging employee approach to prudent behaviour threatens the security of the organisation. The "Virtual Mentor" 6 orders to retake specific training lessons and sends notifications 7 directly to employees.
The principle of creating guidelines to motivate employees in the SAVA system is shown in Fig. 2. As regards the employee auditing in the SAVA system, incentive programmes will be available for employees and management staff, including the ^Disciplining" programme, where the employee's superior should have an educational talk with the employee in a situation when employee's behaviour threatens the security of the organisation (e.g. the employee received a negative result of a retaken security audit).
Motivating in the SAVA computer system is dynamic in nature, as described in Fig. 3. The "Virtual Mentor" 6 sends information to employees' superiors and directly to employees upon occurrence of various events (e.g. poor audit results). Below algorithms have been included for the motivation development function FRM 8 essential for the interaction of the "Virtual Mentor" 6 with employees' superiors in the scope of sending guidelines to motivate employees. The "Virtual Mentor" 6 sends guidelines to the employee's superior in the following situation, when employees received low scores of the E-mail Phishing and SMS Phishing mature behaviour index. Employee's superior should have an educational talk with the employee. Such employee behaviour threatens the security of the organisation. System of performance metrics of the "security awareness" programme essential for security audit module 2
Figure imgf000007_0001
The SAVA system will send recommendations relating to employee groups as follows: Every 5 days, the "Virtual Mentor" 6, based on the„Table of individual employee auditing" (see below) will establish a list of employees of particular organisational units, who for the last 5 days received a negative result of the retaken security audit. The "Virtual Mentor" 6 will send to each superior a list of e-mail addresses of his/her employees, specified in section 1 including a recommendation to have a serious educational talk.
The "Virtual Mentor" 6 will send as guidelines information on the consequences of security breaches that may be produced due to a negative employee behaviour, i.e.: consequences for the employee, such as financial losses, identity theft, loss of confidence of the superior and colleagues, or even disciplinary proceedings as well as the consequences for the company, such as loss of funds, long-term financial losses or bankruptcy, short-term financial losses due to the disrupted availability of key IT services, penalties for breach of confidentiality agreements, legal requirements and other regulations, reduced profits due to the loss of good image, reputation and confidence of customers and partners (some customers leaving to the competition), reduced profits due to restricted business activity or reduced profits due to valuable employees leaving the company.
The SAVA system of the invention will send recommendations relating to employee groups as follows: Every 20 days, the "Virtual Mentor" 6, based on the„Table of performance metrics of the "security awareness "programme"vA\\ analyse mature behaviour indices from the last 20 days and detect the following situations:
• „E-mail Phishing" index below 80%
• „SMS Phishing" index below 80%
Upon detection in section 1 of indices of mature behaviour of low value, the "Virtual Mentor" 6 will send warnings and guidelines to employees in relation to changing their behaviour as regards security. Additionally, in the form of collective reports, employees' superiors should find out who was guilty of security negligence and have educational talks with them. It is mandatory if employees receive a negative results of the retaken security audit (information given in the „Table of individual employee auditing').
Two indices of mature behaviour, E-mail Phishing and SMS Phishing, will be automatically calculated in their entirety using the tools of the S AVA system.
When sending guidelines to motivate employees, the "Virtual Mentor" 6 should pay attention to who will be the object of motivation. As regards IT security, usually different arguments get to management staff compared to regular company employees. The "Virtual Mentor" 6, based on model incentive programmes, will create individual incentive programmes. Below are incentive programmes for employees and management staff essential for the Security Audit Module 2.
Figure imgf000008_0001
Figure imgf000009_0002
Employees who received negative results of a security audit should be motivated to modify their behaviour, and in the long-term to consolidate proper attitudes (e.g. understanding the need to care about security). Periodically (e.g. once a month), the "Virtual Mentor" will send a request to the competent responsible person from the IT department or security department to draw up a report on the operation of security technology of the information and communication system (including next- generation firewall, IPS, anti-virus, URL Filtering, DLP) on attacks targeted against users.
Awareness building function FBS 3 for the employees who have received a negative result of the security audit 2 in the„Awareness building matrix" 4, the field„Report on attacks against the user's computer" will set to value of 1. The SAVA system will send recommendations relating to employee groups as follows: every 5 days, the "Virtual Mentor" 6, based on the„Awareness building matrix" will establish a list of employees of particular organisational units, for whom the value of the field "Report on attacks against the user's computer" is 1.
The "Virtual Mentor" 6 will send to each superior a list of e-mail addresses of his/her employees, specified in section 1, along with guidelines to provide them with recommendations on cautious behaviour when facing intensified criminal activity.
The algorithm for the function FBS 3 in the scope of transfer of reports on attacks against users' computers
Figure imgf000009_0001
Figure imgf000010_0001

Claims

Claims
1. A method for auditing the state of knowledge, skills and prudence of employees and motivating them under the "security awareness" programme characterised in that algorithms are created for automatically auditing employees under the "security awareness" adaptation programme (1), where a virtual mentor (6) based on model incentive programmes of a security audit (2) creates individual incentive programmes for employees and management staff.
2. A method according to claim 1, characterised in that the virtual mentor (6) based on the awareness building matrix (4) and education requirements matrix (5) establishes a list including a report on attacks on the computer and makes changes in the matrix.
3. A method according to claim 1, characterised in that the virtual mentor (6) develops a motivation development function (8) and transmits through a notification module to an employee (7).
PCT/PL2016/000118 2016-10-10 2016-10-26 A method for auditing the state of knowledge, skills and prudence and for motivating employees WO2018070887A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GBGB1717186.9A GB201717186D0 (en) 2016-10-26 2016-10-26 No title

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
PLP.419041 2016-10-10
PL419041A PL419041A1 (en) 2016-10-10 2016-10-10 Method for auditing the state of knowledge, skills and caution and motivating of employees

Publications (1)

Publication Number Publication Date
WO2018070887A1 true WO2018070887A1 (en) 2018-04-19

Family

ID=57543121

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/PL2016/000118 WO2018070887A1 (en) 2016-10-10 2016-10-26 A method for auditing the state of knowledge, skills and prudence and for motivating employees

Country Status (2)

Country Link
PL (1) PL419041A1 (en)
WO (1) WO2018070887A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109861977A (en) * 2018-12-28 2019-06-07 北京红山瑞达科技有限公司 A kind of method that promotion personnel awareness of network security is promoted

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8484741B1 (en) * 2012-01-27 2013-07-09 Chapman Technology Group, Inc. Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams
US20140199663A1 (en) * 2011-04-08 2014-07-17 Wombat Security Technologies, Inc. Method and system for controlling context-aware cybersecurity training
US8793799B2 (en) * 2010-11-16 2014-07-29 Booz, Allen & Hamilton Systems and methods for identifying and mitigating information security risks
US20150287336A1 (en) * 2014-04-04 2015-10-08 Bank Of America Corporation Automated phishing-email training

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8793799B2 (en) * 2010-11-16 2014-07-29 Booz, Allen & Hamilton Systems and methods for identifying and mitigating information security risks
US20140199663A1 (en) * 2011-04-08 2014-07-17 Wombat Security Technologies, Inc. Method and system for controlling context-aware cybersecurity training
US8484741B1 (en) * 2012-01-27 2013-07-09 Chapman Technology Group, Inc. Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams
US20150287336A1 (en) * 2014-04-04 2015-10-08 Bank Of America Corporation Automated phishing-email training

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109861977A (en) * 2018-12-28 2019-06-07 北京红山瑞达科技有限公司 A kind of method that promotion personnel awareness of network security is promoted
CN109861977B (en) * 2018-12-28 2021-04-30 北京红山瑞达科技有限公司 Method for promoting personnel network security awareness to be improved

Also Published As

Publication number Publication date
PL419041A1 (en) 2018-04-23

Similar Documents

Publication Publication Date Title
AU2017101666A4 (en) Cyber Security System and Method
US9729590B2 (en) Digital communication and monitoring system and method designed for school communities
US20150229664A1 (en) Assessing security risks of users in a computing network
Kouatli Managing cloud computing environment: Gaining customer trust with security and ethical management
Assenza et al. A review of methods for evaluating security awareness initiatives
Pullin Cybersecurity: positive changes through processes and team culture
Choejey et al. Cybersecurity practices for e-Government: an assessment in Bhutan
Oettinger Learn Computer Forensics: A beginner's guide to searching, analyzing, and securing digital evidence
Proctor Investigating the efficacy of cybersecurity awareness training programs
Shukla et al. A comparative study of cyber security awareness, competence and behavior
WO2018070887A1 (en) A method for auditing the state of knowledge, skills and prudence and for motivating employees
Mittal An Empirical Study on Cybersecurity Awareness, Cybersecurity Concern, and Vulnerability to Cyber-attacks
Rjaibi et al. Mean failure cost as a measurable value and evidence of cybersecurity: E-learning case study
Price Reducing the risk of a data breach using effective compliance programs
Poepjes The development and evaluation of an information security awareness capability model: linking ISO/IEC 27002 controls with awareness importance, capability and risk
WO2014185981A2 (en) Digital communication and monitoring system and method designed for school communities
Sumner et al. Preliminary Analysis of Privacy Implications Observed in Social-Media Posts Across Shopping Platforms
North et al. Information Security and Ethics Awareness: A Concise Comparative Investigation.
Yang Literature review of information security practice survey reports
Popescu The Right to Information and Cybersecurity
Haythornthwaite et al. Social Media as Fragile State
Crotty et al. Lessons from practice: insights on cybersecurity strategy for business leaders, from SMEs to global enterprises
Calder The case for ISO27001: 2013
Wijesekera et al. Awareness of Cybercrimes Among Postgraduate Facebook Users in a State University of Sri Lanka
Kouatli The ten commandments of cloud computing security management

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 1717186.9

Country of ref document: GB

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16810101

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16810101

Country of ref document: EP

Kind code of ref document: A1