The International Arab Journal of Information Technology (IAJIT)



Towards Personalized User Training for Secure Use of Information Systems

Information Systems (IS) represent an integral part of our lives, both in the organizational and personal sphere. To use them securely, users must be properly trained. The main problem is that most training processes still use the one-size-fits-all approach, where all users receive the same kind of learning material. Personalized training may be a more suitable approach; however, a comprehensive process for IS user profiling and personalized IS user training improvement has not been introduced yet. To fill this gap, this paper proposes a novel approach for personalized user training for secure use of IS. The proposed approach focuses on three key dimensions (i.e., the personalization process, selection of training tools and materials, and participants) and is composed of five phases covering the identification of key IS security elements, IS user profiling and personalization of IS security training. It is scalable to all company sizes and aims to both lower IS training costs and optimize outcomes. As a side effect, it also helps to lower user resistance to participation in IS security training.

The International Arab Journal of Information Technology, Vol. 19, No. 3, May 2022