Document Type

Dissertation

Rights

This item is available under a Creative Commons License for non-commercial use only

Publication Details

Dissertation submitted for th award of MSc in Computing (Knowledge Managment), 2008.

Abstract

Security awareness is very essential in securing intellectual property, in particular internal corporate information assets and its “Knowledge”. The dynamic nature of security attacks and the need to comply with government policies in protecting organisation’s data has a major influence on seeing organisations focus on strengthening against threats from the human element. This is a difficult challenge. Organisations must have a degree of trust their employees. They must trust their employees to interact responsibly as end-users with their information systems. They must trust their employees who work as developers to work responsibly and be motivated to develop systems with the organisations protection in mind. However organisations cannot expect all its employees to be educated in security issues before joining the organisation and therefore must take some responsibility for educating both users and developers on security issues and ethics. Although many organisations do have security policies and awareness programmes, many others don’t. Security awareness programmes and policies have varying degrees of success. Therefore the issue of how to improve the security awareness of all employees in organisations, and end-users in particular, is a hot topic. The project described in this dissertation identified user involvement in highlighting and protecting against security-relevant issues as crucial to ensuring privacy and security of organisational knowledge and corporate information assets. This project investigated how to harness the power of users by developing a framework from which a knowledge management system (KMS) was developed that provides a participatory education approach to security issues. The results of an extensive literature review and the views of security experts and non-experts were used to develop a web based prototype KMS which was evaluated by a group of academic users in higher educational institute in Tanzania. The results of this evaluation were then distributed to security experts and top executives for assessment of using such a KMS to improve security user awareness across the organisation.

Share

COinS