Corporate information security education: Is outcomes based education the solution?

IFIP Advances in Information and Communication Technology

Volumn 148, Issue , 2004, Pages 3-18

  van Niekerk, Johan ^a   von Solms, Rossouw ^a  

^a NELSON MANDELA METROPOLITAN UNIVERSITY   (South Africa)

Author keywords

Awareness; Information security; Information security culture; Outcomes based education

Indexed keywords

COMPUTER PRIVACY; EDUCATION; SECURITY OF DATA;

AWARENESS; BEHAVIORAL THEORY; CORPORATE INFORMATION; EDUCATIONAL PRINCIPLES; GLOBAL ECONOMIES; INFORMATION RESOURCE; INFORMATION SECURITY CULTURES; SECURITY CONTROLS;

INFORMATION MANAGEMENT;

EID: 84902481869     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: None     Document Type: Conference Paper

References (29)

1. Barnard, L., Von Solms, R. (2000). A Formalized Approach to the Effective Selection and Evaluation of Information Security Controls. Computers and Security, 19(2): pp. 185-194.
2. British Standards Institute (BSI) (1999), BS 7799 Part 1: Code of Practice for Information Security Management (CoP), BSI, UK.
3. Dhillon, G. (1999) Managing and controlling computer misuse, Information Management & Computer Security, 7 (4), pp. 171-175.
4. Department of Education (DOE). (2001) Draft Revised National Curriculum Statement: Technology Learning Area. Department of Education. Available at: http://education.pwv.gov.za/DoE_Sites/Curriculum/New_2005/draft_revised_national_curriculu.htm
5. Fingar, P. (1996). The blueprint for business objects. New York, New York: SIGS Books & Multimedia Guidelines to the Management of Information Technology Security (GMITS). (1995). Part 1, ISO/IEC, JTC 1, SC27, WG 1.
6. ITiCSE Working Group on the Web and Distance Learning (1997). The Web and distance learning:what is appropriate and what is not. ITiCSE'97 Working Group Reports and Supplemental Proceedings, pp. 27-37.
7. Killen, R. (2000). Outcomes-Based education: Principles and Possibilities. Unpublished manuscript, University of Newcastle, Faculty of Education. [WWW document]. URL http://www.schools.nt.edu.au/curricbr/cf/outcomefocus/killen_paper.pdf. Sited 20 August 2003.
8. Laudon, K. C., Laudon, J. P. (2002). Management Information Systems: Managing the Digital Firm (7th ed). New Jersey, USA: Prentice Hall.
9. Malan, S.P.T. (2000) The 'new paradigm' of outcomes-based education in perspective. Tydskrif vir Gesinsekologie en Verbruikerswetenskappe (28), South Africa.
10. Martins, A., Eloff, J.H.P. (2002) Assessing Information Security Culture. ISSA 2002, Muldersdrift, South Africa, 10-12 July 2002.
11. Mitnick, K.D., Simon, W.L. (2002) The art of deception: Controlling the human element of security. United States of America: Wiley Publishing, Inc.
12. National Institute of Standards and Technology (NIST). (1998). Information Technology Security Training Requirements: A Role- and Performance-Based Model. NIST Special Publication 800-16. U.S. Government Printing Office, Washington.
13. Nosworthy, J. D. (2000) Implementing Information Security In the 21st Century - Do You Have the Balancing Factors? Computer & Security (19), pp. 337-347. Elsevier Science Ltd.
14. O'Brien, J. A. (1999) Management Information Systems: Managing Information Technology in the Internetworked Enterprise (4th ed.). United States of America: Irwin/McGraw-Hill.
15. Olivier, C. (1998), Educate and Train: Outcomes-Based. Pretoria, South Africa. J.L. van Schaik.
16. Pretorius, F. (1998). Outcomes-based Education in South Africa. Randburg, South Africa: Hodder and Stoughton Educational.
17. South African Qualifications Authority (SAQA) (2000). The National Qualifications Framework and Curriculum Development. Retrieved on 10 September 2003 from URL http://www.saqa.org.za
18. Schlienger, T., Teufel, S. (2003) Information Security Culture - From Analysis to Change. Proceedings of the 3rd Annual Information Security South Africa Conference, 9-11 July 2003, Sandton, South Africa, pp. 183-196.
19. Siebörger, R. (1998). Transforming Assessment: A guide for South African teachers. Cape Town, RSA: JUTA.
20. Siponen, M.T. (2001). Five Dimensions of Information Security Awareness. Computers and Society, June 2001. Pp. 24-29.
21. Tait, B. (1997). Object Orientation in educational software. Innovations in Education and Training International, 34 (3). Pp. 167-173.
22. Thomson, M. (1998). The development of an effective information security awareness program for use in an organization. Unpublished master's thesis. Port Elizabeth Technikon, Port Elizabeth, South Africa.
23. Tripathi, A. (2000) Education in Information Security. IEEE Concurrency, October-December 2000, pp. 4-8.
24. Turban, E., Mclean, E., Wetherbe, J. (2002). Information technology for management: Transforming business in the digital economy (3rd Ed).United States of America. John Wiley & Sons, inc.
25. Van Niekerk, J., Von Solms, R. (2003). Establishing an Information Security Culture in Organisations: An Outcomes Based Education Approach. Proceedings of the 3rd Annual Information Security South Africa Conference, 9-11 July 2003, Sandton, South Africa, pp. 3-12.
26. Von Solms, B. (2000) Information Security - The Third Wave? Computers & Security, 19 (7), pp. 615-620.
27. Von Solms, R. (1999) Information Security Management: why standards are important. Information Management & Computer Security, 7 (1), pp. 50-57.
28. Whitman, M. E., Mattord, H. J. (2003) Principles of Information Security. Canada: Thomson Course Technology.
29. Wood, C.C. (1997) Policies alone do not constitute a sufficient awareness effort. Computer Fraud & Security, December 1997, pp. 14-19.