Comparing Information Assurance Awareness Training for End-Users: A Content Analysis Examination of Air Force and Defense Information Systems Agency User Training Modules

Abstract

Today, the threats to information security and assurance are great. While there are many avenues for IT professionals to safeguard against these threats, many times these defenses prove useless against typical system users. Mandated by laws and regulations, all government agencies and most private companies have established information assurance (IA) awareness programs, most of which include user training. Much has been given in the existing literature to laying out the guidance for the roles and responsibilities of IT professionals and higher level managers, but less is specified for "everyday" users of information systems. This thesis attempts to determine the content necessary to educate system users of their roles and responsibilities for IA. Using the NIST Special Publication 800-50 as a guide, categories of threats and knowledge areas are established and the literature is analyzed and separated into the categories. The thesis closes with a comparison of the IA awareness training modules of the United State's Air Force and Defense Information Systems Agency and a discussion of areas of further research concerning IA awareness training.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2008
Accession Number
ADA482729

Entities

People

  • John W. Fruge

Organizations

  • Air Force Institute of Technology

Tags

DTIC Thesaurus Topics

  • Air Force
  • Computer Crime
  • Computer Network Security
  • Computer Programming
  • Computers
  • Configuration Management
  • Cybersecurity
  • Department Of Defense
  • Department Of Veterans Affairs
  • Electronic Mail
  • Engineering
  • Governments
  • Information Security
  • Information Systems
  • Law
  • Social Engineering
  • United States

Readers

  • Cybersecurity.
  • Systems Analysis and Design