IDIA2014 Home | Proceedings

8th IDIA Conference Hotels

IDIA2014 Conference
Port Elizabeth, South Africa
3-4 November 2014

Designing user security metrics for a security awareness at Higher and Tertiary Institutions

Fungai Bhunu Shava
Polytechnic of Namibia

Darelle Van Greunen
School of ICT, Institute for ICT Advancement
Nelson Mandela Metropolitan University
Port Elizabeth
South Africa

Full paper


Information security is at the heart of every organisation or individual who uses Information and Communication Technology (ICT) devices to socialize or for business. Security aims to ensure that users experience the three main goals of security: confidentiality, integrity and accountability (CIA). Despite the importance of security, very few organisations have proper plans to create awareness among their employees. Information security requires the user to be aware of the existence of security features on their electronic devices and to be able to use them appropriately. In a quest to establish the underlying reasons for increased exploitation despite the efforts in security solutions design, the focus is on awareness as a major factor influencing human behaviour. Online surveys were conducted to investigate security awareness levels in a case site. The case study was at an institution of higher and tertiary education in Namibia. Document review on security trends and approaches from selected leading industries was also done. Results show that most users are not aware of security policies operational in their organisation. In this paper we outline the security metrics that guide in formulating security awareness strategies.

Key words

Security awareness, metrics, policy awareness