Importance of Information Security Education and Awareness in Ghana

Patrick Kwaku Kudjo, Dickson Keddy Wornyo, Elias Nii Noi Ocquaye. Published in Information Sciences.

Communications on Applied Electronics
Year of Publication: 2017
Publisher: Foundation of Computer Science (FCS), NY, USA
Authors: Patrick Kwaku Kudjo, Dickson Keddy Wornyo, Elias Nii Noi Ocquaye
DOI: 10.5120/cae2017652479

Patrick Kwaku Kudjo, Dickson Keddy Wornyo and Elias Nii Noi Ocquaye. Importance of Information Security Education and Awareness in Ghana. Communications on Applied Electronics 6(6):30-35, January 2017.

BibTeX

@article{10.5120/cae2017652479,
	author = {Patrick Kwaku Kudjo and Dickson Keddy Wornyo and Elias Nii Noi Ocquaye},
	title = {Importance of Information Security Education and Awareness in Ghana},
	journal = {Communications on Applied Electronics},
	issue_date = {January 2017},
	volume = {6},
	number = {6},
	month = {Jan},
	year = {2017},
	issn = {2394-4714},
	pages = {30-35},
	numpages = {6},
	url = {http://www.caeaccess.org/archives/volume6/number6/699-2016652479},
	doi = {10.5120/cae2017652479},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

The advent of the computer age has incited an increasing interest in the fundamental data sets that can now easily be stored and investigated. The introduction of computer networks and the internet bridges the communication barriers between millions of people, thereby making security an inevitable issue to deal with. There are several aspects to security and many applications, ranging from secure commerce and payments to private communications and the protection of passwords. One essential aspect of secure communication is cryptography. The recent growth in business, education and communication in Ghana’s economy calls for thorough cyber security education and awareness. Most cyber-attacks are due to a lack of education and awareness, and to users who ignore security practices. We propose to use a survey and experiment to create a model to improve the level of information security education and awareness in the country.

Keywords

Access Control, Bell-La Padula, Cyber-Security, Cryptography, Education