THE NEED FOR EFFECTIVE INFORMATION SECURITY AWARENESS PRACTICES IN OMAN HIGHER EDUCATIONAL INSTITUTIONS
Mr. Rajasekar Ramalingam
Mr. Shimaz Khan
Mr. Shameer Mohammed
Ministry of Higher Education,
Sur College of Applied Sciences,
Department of Information Technology,
Post Box: 484 Post Code: 411, Sultanate of Oman
Symposium on Communication, Information Technology and Biotechnology: Current Trends and Future Scope, Sur College of Applied Sciences, Ministry of Higher Education, Sultanate of Oman, 12th and 13th May, 2015
PRESENTATION PATH
• Introduction
• Internet usage in Oman
• IT Security incidents in Oman
• Proposed work
• Key findings
• Effective usage
• Organization network awareness
• Threat awareness
• Password management
• Content awareness
• Security practices awareness
• ITSACAS Approach
• Conclusion
1. INTRODUCTION
• Internet technology & mobile technology.
• Online transactions and electronic data transfer.
• In the late 1990s: Melissa and Code Red.
• Information security received attention globally.
• Since then: spam emails, identity theft, data leakage, phishing, adware, intrusion, etc.
• Considerable impact on the information assets of organizations / individuals.
• Cybercrime incidents are increasing globally.
• Sultanate of Oman is also a victim.
2. INTERNET USAGE IN OMAN
• According to the World Internet usage statistics news:
Internet users:
• Oman constitutes 2.1% of worldwide internet users.
• 2,139,540 internet users (December 31st, 2013)
Card usage in Oman:
• 2008 – 1.9 million
• 2012 – 3.3 million
• 2013 – 3.6 million
• 2017 – 4.4 million (forecast)
• The increase in internet usage and online transactions increases the number of cybercrime incidents in Oman.
• ITA (2012 & 13): significant increase in the number of cybercrime incidents in Oman.
3. IT SECURITY INCIDENTS IN OMAN
• As per the ITA annual report (2012 and 2013):
• 13.5% increase in reported incidents.
• 200% increase in malware incidents.
• 10,84,369 malicious attempts were prevented & analyzed.
• 19,171 malicious attempts against government networks were identified & prevented.
• 25,827 vulnerabilities were discovered.
• 9,41,079 malicious wares were analyzed.
• 6,59,090 web violations were analyzed and prevented.
• 15,855 security attacks discovered & handled – OCERT.
Figure 1: Number and classification of incidents – 2012
(Source: ITA Annual report 2012)
Figure 2: The Malware statistics for each month in 2012 – OCERT
(Source: ITA Annual report 2012)
4. PROPOSED WORK
• Survey
• Education institutions in Oman
• To investigate the level of information security awareness.
• Entities: students, technical staff and academic staff.
• ISAIM – proposed model – survey
• The survey attracted 173 respondents.
• Results were correlated and analyzed.
• The areas of weakness were identified.
• ITSACAS approach – increase security awareness.
4.1 INFORMATION SECURITY AWARENESS IDENTIFICATION MODEL (ISAIM)
• The proposed model has 6 key elements:
   • Security Practice
   • Effective Usage
   • Organization Awareness
   • Threats Awareness
   • Protection Awareness
   • Content Awareness
ISAIM
   • Demographics
   • Internet Usage
   • Organization's network knowledge
   • Security Practices
   • Email security
   • Password management
   • Security threats experience
S# | Name of the Educational Institution
1 | Al Buraimi University College
2 | Higher College of Technology (Muscat)
3 | Ibra College of Technology
4 | Salalah College of Technology
5 | Sur College of Applied Sciences
6 | Waljat College of Applied Sciences
7 | Majan University College
8 | College of Applied Sciences, Rustaq
9 | Sohar University
10 | Sohar College of Applied Sciences
11 | Nizwa College of Technology
12 | Oman College of Management Technology
13 | Al Sharqiyah University
14 | German University of Technology in Oman
15 | Ibri College of Applied Sciences
16 | Sultan Qaboos University
17 | Caledonian College of Engineering
18 | College of Applied Sciences – Salalah
5. EFFECTIVE USAGE - KEY FINDINGS
Item | Finding
Age group | 18 to 29 – 34%
Educational qualification | 35% Graduates; 38% Masters; 23% PhD
Academic staff | 54%
Smart phone device | 70%
Purpose of using Internet | Emailing; Educational references; Net banking
Internet usage | 27% – 2 to 3 Hrs. / Day; 14% – More than 7 Hrs. / Day
6. ORGANIZATION AWARENESS – KEY FINDINGS
Question | Yes | No | Don't know
Does your organization practice any ISMS standard (ISO 27001)? | 39.4% | 21.9% | 38.7%
Does your organization use a local firewall? | 88.4% | 3.9% | 7.7%
Does your organization use an IDS? | 41.3% | 10.3% | 48.4%
Does your organization use a DMZ? | 22.9% | 13.1% | 64.1%
Does your organization use any AV software? | 92.9% | 3.9% | 3.2%
Question | Yes | No | Do not know
Does your organization have a written security policy? | 44.5% | 17.1% | 38.4%
Does your organization have any reporting mechanism for security issues? | 37% | 25.3% | 37.7%
Have you ever reported any security issues to your organization? | 32.2% | 67.8% |
7. THREAT AWARENESS – KEY FINDINGS
Question | Yes | No | Do not know
Have you ever been attacked through the Internet? | 55.7% | 38.9% | 5.4%
[Bar chart: "If yes, please choose the type of attack you have experienced (check all that apply)". Categories: Viruses, Spam, Adware, Phishing, Intrusions, Password theft, Other. Vertical axis: 0% to 80%.]
[Bar chart: "If you have been attacked, choose the loss that you faced". Categories: Loss of personal data, Loss of money, System crash, Block of any account, Other. Vertical axis: 0% to 40%.]
[Pie chart: "Number of Security Attacks". Legend: 1 - 3, 4 - 6, 7 - 10, Above 10. Slice labels: 71%, 12%, 4%, 13%.]
8. PASSWORD MANAGEMENT AWARENESS
[Pie chart: "Frequency of changing the password". Daily 3%; Once a week 3%; Once a month 19%; Once the application insists 56%; Never 19%.]
Aspect | Finding
Choosing | 17.6% use the same password for all web applications
Construct | 16.3% use personal information
Managing | 7.9% use password management tools; 21% write it down and keep it safe
Changing | 19.3% never change password; 56.4% once the application insists
9. CONTENT AWARENESS
• 32%: interested in opening an email from an unknown source.
• 39%: no email policy in the institution.
• 23%: email policies – "I do not know" & "I could not understand".
• 84%: do not reveal their personal information.
• 3%: willing to provide their bank details.
Confident in organization's protection against information security risk?
Answer Options | Response Percent
Very confident | 26.6%
Confident | 34.7%
Somewhat confident | 24.2%
Not confident | 14.5%

Has your organization conducted any security awareness program?
Answer Options | Response Percent
Yes | 44.4%
No | 55.6%

How many information security training programs did you attend in the past 12 months?
Answer Options | Response Percent
1 to 3 | 29.1%
4 to 6 | 4.7%
More than 6 | 7.1%
None | 59.1%
10. SECURITY PRACTICE AWARENESS
Identify
Plan
Educate
Measure
11. The ITSACAS approach
C1: Information Security awareness training
C2: Security awareness using social media
C3: Security awareness using posters
C4: Creating awareness on IT law
C5: Promoting the usage of security tools
C6: Security awareness through interactive media
• Monitor
• Evaluate
• Target group.
• Approach
• Team
• Tools
• Schedule
• Timeline
• Resource utilization
• Technical assistance
12. Conclusion
• IT security awareness is an essential / foundational element.
• To assure the nation's information assets are protected.
• Found several important issues that need to be addressed.
• Basic knowledge of security exists.
• As an individual, the knowledge of information security awareness is considerably better, but as an institution, information security awareness should be improved.
• Still not aligned to the security practices.
• Urgency on the part of the government, other professional bodies and the educational institution to educate users about the information security needs of an institution.
• Implementing awareness training programs will solve the problems to some extent.
13. REFERENCES
• [1] http://www.prweb.com
• [2] http://www.internetworldstats.com/stats.htm, Miniwatts Marketing Group, 2010 Internet World Stats.
• [3] A framework of anti-phishing measures aimed at protecting the online consumer's identity, Butler, The Electronic Library, 25, 517-533.
• [4] http://localazon.com/pro/oman-online-retail-sales-report/, Oman Online Retail Sales Report.
• [5] https://timetric.com/research/report/VR0938MR/, Emerging Opportunities in Oman's Cards and Payments Industry.
• [6] Information Technology Authority – Oman, Annual Report 2012-2013.
• [7] Mishandling of Classified Information. In: PRESIDENT, E. O. O. T. (Ed.). Washington, D.C., Lew, J.J., Wikileaks.
• [8] Phishing Websites Detection based on Phishing Characteristics in the Webpage Source Code, Mona Gotaish Alkhozae.
• [9] http://en.wikipedia.org/wiki/AdWords
• [10] Md. Shafiqul Islam, Syed Ahsiqur Rehman, Anomaly Intrusion Detection System in Wireless Networks: Security threats and existing approaches, International Journal of Advanced Science and Technology, Vol 36, November 2011.
• [11] Bulgurcu, B, Cavusoglu, H & Benbasat, I 2010, 'Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness', MIS Quarterly, vol. 34, no. 3, pp. 523-A7.
• [12] http://www.fiercecio.com/story/colleges-and-universities-among-highest-risk-data-breaches/2014-08-21
• [13] Hagen, JM, Albrechtsen, E & Hovden, J 2008, 'Implementation and effectiveness of organizational information security measures', Information Management & Computer Security, vol. 16, no. 4, pp. 377-397.
Thank You

Presentation2.pptx - JoyPress Wordpressssuser166378
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilitiesalihassaah1994
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfShreedeep Rayamajhi
 

Kürzlich hochgeladen (12)

Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 

The need for effective information security awareness practices.

  • 1. THE NEED FOR EFFECTIVE INFORMATION SECURITY AWARENESS PRACTICES IN OMAN HIGHER EDUCATIONAL INSTITUTIONS
      Mr. Rajasekar Ramalingam, Mr. Shimaz Khan, Mr. Shameer Mohammed
      Ministry of Higher Education, Sur College of Applied Sciences, Department of Information Technology, Post Box: 484 Post Code: 411, Sultanate of Oman
      Symposium on Communication, Information Technology and Biotechnology: Current Trends and Future Scope, Sur College of Applied Sciences, Ministry of Higher Education, Sultanate of Oman, 12th and 13th May, 2015
  • 2. PRESENTATION PATH
      - Introduction
      - Internet usage in Oman
      - IT Security incidents in Oman
      - Proposed work
      - Key findings
      - Effective usage
      - Organization network awareness
      - Threat awareness
      - Password management
      - Content awareness
      - Security practices awareness
      - ITSACAS Approach
      - Conclusion
  • 3. 1. INTRODUCTION
      - Internet technology & Mobile Technology.
      - Online transactions and electronic data transfer.
      - In the late 1990s: Melissa and Code Red
      - Information security - received attention globally.
      - Since then: Spam emails, Identity theft, Data leakage, Phishing, Adware, Intrusion etc.
      - Considerable impact on the information assets of organization / individuals.
      - Cybercrime incidents – increases globally.
      - Sultanate of Oman is also a victim.
  • 4. 2. INTERNET USAGE IN OMAN
      - According to the World Internet usage statistics news:
      - Internet users:
          - Oman constitutes - 2.1% of worldwide internet users.
          - 2,139,540 - internet users (December 31st, 2013)
      - Card usage in Oman:
          - 2008 – 1.9 million
          - 2012 – 3.3 million
          - 2013 – 3.6 million
          - 2017 – 4.4 million (Forecast)
      - Increase in internet usage and online transactions - increases the number of cybercrime incidents in Oman.
      - ITA (2012 & 13) - Significant increase in the number of cybercrime incidents in Oman.
  • 5. 3. IT SECURITY INCIDENTS IN OMAN
      - As per the ITA annual report (2012 and 2013):
      - Increase of 13.5% reported incidents.
      - 200% increase of Malware incidents.
      - 10,84,369 malicious attempts were prevented & analyzed.
      - 19,171 malicious attempts against government networks were identified & prevented.
      - 25,827 vulnerabilities were discovered.
      - 9,41,079 malicious wares were analyzed.
      - 6,59,090 web violations were analyzed and prevented.
      - 15,855 security attacks discovered & handled - OCERT.
  • 6. Figure 1: Number and classification of incidents – 2012 (Source: ITA Annual report 2012)
  • 7. Figure 2: The Malware statistics for each month in 2012 – OCERT (Source: ITA Annual report 2012)
  • 8. 4. PROPOSED WORK
      - Survey
      - Education institutions in Oman
      - To investigate the level of information security awareness.
      - Entities: Students, Technical staff and Academic staff.
      - ISAIM – Proposed model – Survey
      - The survey attracted 173 respondents.
      - Results were correlated and analyzed.
      - The areas of weakness were identified.
      - ITSACAS approach – increase security awareness.
  • 9. 4.1 INFORMATION SECURITY AWARENESS IDENTIFICATION MODEL (ISAIM)
      - The proposed model - 6 key elements:
          - Security Practice
          - Effective Usage
          - Organization Awareness
          - Threats Awareness
          - Protection Awareness
          - Content Awareness
  • 11. Name of the Educational Institution (S#):
      1. Al Buraimi University College
      2. Higher College of Technology (Muscat)
      3. Ibra College of Technology
      4. Salalah College of Technology
      5. Sur College of Applied Sciences
      6. Waljat College of Applied Sciences
      7. Majan University College
      8. College of Applied Sciences, Rustaq
      9. Sohar University
      10. Sohar College of Applied Sciences
      11. Nizwa College of Technology
      12. Oman College of Management Technology
      13. Al Sharqiyah University
      14. German University of Technology in Oman
      15. Ibri College of Applied Sciences
      16. Sultan Qaboos University
      17. Caledonian College of Engineering
      18. College of Applied Sciences – Salalah
  • 12. 5. EFFECTIVE USAGE - KEY FINDINGS
      - Age group: 18 to 29 – 34%
      - Educational qualification: 35% - Graduates; 38% - Masters; 23% - PhD
      - Academic staff: 54%
      - Smart phone device: 70%
      - Purpose of using Internet: Emailing; Educational references; Net banking
      - Internet usage: 27% - 2 to 3 Hrs. / Day; 14% - More than 7 Hrs. / Day
  • 13. 6. ORGANIZATION AWARENESS – KEY FINDINGS
      - Does your organization practice any IS-MS standard (ISO 27001)? Yes 39.4%; No 21.9%; Don't know 38.7%
      - Does your organization use a local firewall? Yes 88.4%; No 3.9%; Don't know 7.7%
      - Does your organization use an IDS? Yes 41.3%; No 10.3%; Don't know 48.4%
      - Does your organization use a DMZ? Yes 22.9%; No 13.1%; Don't know 64.1%
      - Does your organization use any AV software? Yes 92.9%; No 3.9%; Don't know 3.2%
  • 14. Organization awareness – key findings (continued)
      - Does your organization have a written security policy? Yes 44.5%; No 17.1%; Do not know 38.4%
      - Does your organization have any reporting mechanism for security issues? Yes 37%; No 25.3%; Do not know 37.7%
      - Did you ever report to your organization about any security issues? Yes 32.2%; No 67.8%
  • 15. 7. THREAT AWARENESS – KEY FINDINGS
      - Have you ever been attacked through the Internet? Yes 55.7%; No 38.9%; Do not know 5.4%
      - [Bar chart: "If yes, please choose the type of attack you have experienced (check all that apply)". Categories: Viruses, Spam, Adware, Phishing, Intrusions, Password theft, Other.]
  • 16. Threat awareness – key findings (continued)
      - [Bar chart: "If you have been attacked, choose the loss that you faced". Categories: Loss of personal data, Loss of money, System crash, Block of any account, Other.]
      - [Pie chart: "Number of Security Attacks". Legend: 1 - 3, 4 - 6, 7 - 10, Above 10. Values as extracted, in order: 71%, 12%, 4%, 13%.]
  • 17. 8. PASSWORD MANAGEMENT AWARENESS
      - Frequency of changing the password: Daily 3%; Once in a week 3%; Once in a month 19%; Once the application insists 56%; Never 19%
      - Choosing: 17.6% use the same password for all web applications
      - Construct: 16.3% use personal information
      - Managing: 7.9% use password management tools; 21% write it down and keep it safe
      - Changing: 19.3% never change the password; 56.4% change it once the application insists
  • 18. 9. CONTENT AWARENESS
      - 32%: interested in opening an email from an unknown source.
      - 39%: no email policy in the institution.
      - 23%: email policies - "I do not know" & "I could not understand".
      - 84%: do not reveal their personal information.
      - 3%: willing to provide their bank details.
  • 19. 10. SECURITY PRACTICE AWARENESS
      - Confident in organization's protection against information security risk? Very confident 26.6%; Confident 34.7%; Somewhat confident 24.2%; Not confident 14.5%
      - Has your organization conducted any security awareness program? Yes 44.4%; No 55.6%
      - How many information security training programs did you attend in the past 12 months? 1 to 3: 29.1%; 4 to 6: 4.7%; More than 6: 7.1%; None: 59.1%
  • 20. 11. The ITSACAS approach
      - Phases: Identify, Plan, Educate, Measure
      - Components:
          - C1: Information Security awareness training
          - C2: Security awareness using social media
          - C3: Security awareness using posters
          - C4: Creating awareness on IT law
          - C5: Promoting the usage of security tools
          - C6: Security awareness through interactive media
      - Activities listed on the slide: Monitor; Evaluate; Target group; Approach; Team; Tools; Schedule; Timeline; Resource utilization; Technical assistance
  • 21. 12. Conclusion
      - IT security awareness - an essential / foundational element.
      - To assure the nation's information assets are protected.
      - Found several important issues that need to be addressed.
      - Basic knowledge on security exists.
      - As an individual, the knowledge of information security awareness is considerably better, but as an institution, information security awareness should be improved.
      - Still not aligned to the security practices.
      - Urgency on the part of the government, other professional bodies and the educational institution to educate users about the information security needs of an institution.
      - Implementing awareness training programs will solve the problems to some extent.
  • 22. 13. REFERENCES
      - [1] http://www.prweb.com
      - [2] http://www.internetworldstats.com/stats.htm, Miniwatts Marketing Group, 2010 Internet World Stats.
      - [3] A framework of anti-phishing measures aimed at protecting the online consumer's identity, Butler, The Electronic Library, 25, 517-533.
      - [4] http://localazon.com/pro/oman-online-retail-sales-report/, Oman Online Retail Sales Report.
      - [5] https://timetric.com/research/report/VR0938MR/, Emerging Opportunities in Oman's Cards and Payments Industry.
      - [6] Information Technology Authority – Oman, Annual Report 2012-2013.
      - [7] Mishandling of Classified Information. In: PRESIDENT, E. O. O. T. (Ed.). Washington, D.C., Lew, J.J., Wikileaks.
      - [8] Phishing Websites Detection based on Phishing Characteristics in the Webpage Source Code, Mona Gotaish Alkhozae.
      - [9] http://en.wikipedia.org/wiki/AdWords
      - [10] Md. Shafiqul Islam, Syed Ahsiqur Rehman, Anomaly Intrusion Detection System in Wireless Networks: Security threats and existing approaches, International Journal of Advanced Science and Technology, Vol 36, November 2011.
      - [11] Bulgurcu, B, Cavusoglu, H & Benbasat, I 2010, 'Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness', MIS Quarterly, vol. 34, no. 3, pp. 523-A7.
      - [12] http://www.fiercecio.com/story/colleges-and-universities-among-highest-risk-data-breaches/2014-08-21
      - [13] Hagen, JM, Albrechtsen, E & Hovden, J 2008, 'Implementation and effectiveness of organizational information security measures', Information Management & Computer Security, vol. 16, no. 4, pp. 377-397.