Measuring and evaluating information security awareness with Bloom’s Taxonomy
Research findings among employees of economic organizations
DOI: https://doi.org/10.56665/PADIPE.2023.3.2
Keywords: information security, social engineering, Bloom’s Taxonomy
Abstract
Raising awareness of information security can help economic organizations keep their information more secure and prevent employees from unintentionally exposing information to attackers. But how can we measure how aware an organization's employees are? In which areas do they still need training? Measurement and development can be facilitated by Bloom's taxonomy. It is widely used in the field of education and describes learners' progress through a pyramid of interdependent levels. Information security experts have previously suggested using Bloom's taxonomy in the field, but so far no measurement results have been published. The research surveyed 220 employees of economic organizations by questionnaire, measuring their knowledge at the cognitive levels as well as in the affective domain, which has so far been given less weight in information security research. Affective levels can help determine users' emotions and how well information security is integrated into their value system. Do they recognize the problems but are unwilling to deal with them? Or are they interested in the topic but lack sufficient knowledge about it? The study presents in detail the cognitive and affective levels achieved by the respondents, such as how familiar they are with types of electronic information security, whether they can recognize a fake tax authority website, and how often they read about current security issues and discuss them with their contacts. Furthermore, the results reveal whether information security knowledge is correlated with age or with working in IT. With the help of these results, professionals working on information security awareness can get guidance on how to design their training programs, what kind of knowledge assessment tools to use, and which areas require user training based on the current survey.