EDUCATIONAL AND TRAINING MODEL OF SECURITY AWARENESS ON
MOBILE DEVICES FOR STUDENTS’
DZAIROL ADZRIEM BIN DIN
A project report submitted in partial fulfillment of the
requirements for the award of the degree of
Master of Computer Science (Information Security)
Faculty of Computer Science and Information Systems
Universiti Teknologi Malaysia
AUGUST 2012
Alhamdulillah… thank you to Allah. Because of Him, I managed to reach this level.
I lovingly dedicate this project to my beloved family, especially to my Dad and Mom, for
instilling in me the importance of hard work and higher education. Nor is your financial
and moral support forgotten, which lasted until your son completed this study. Thank you
so much.
I also dedicate this to my respected supervisor, Dr. Norafida Ithnin, who gave me
knowledge, advice and encouragement towards the project.
Dear fellow friends, thank you for your kindness and moral support, always helping and
motivating each other. Thank you so much. The sweet memories we made together will never
be forgotten.
ACKNOWLEDGEMENT
“Bismillahirrahmanirrahim”
In the name of Allah, the Most Gracious,
the Most Merciful and the Most Compassionate.
Alhamdulillah, all praise to Allah for the strength and His blessing in completing this
research and thesis writing. My special appreciation goes to my supervisor, Dr. Norafida
Ithnin, for her supervision, useful knowledge and constant support. Her invaluable help
through constructive comments and suggestions throughout the study has contributed to the
success of my research. I also wish to express my appreciation to all lecturers of the
computer science faculty and the dearest UTM students who contributed to the research
findings, and for their cooperation.
Sincere thanks go to all my lovely friends, especially “Dunia ScS friends” and
“Information Security Classmate”, for their moral support and kindness during my study.
All the sweet memories will never be forgotten, and thank you for the friendship and
brotherhood.
Last but not least, my deepest gratitude goes to my beloved parents, Mr. Din B. Sabu and
Mrs. Zainab Bt. Omar, and to the rest of my family for their endless love, prayers,
encouragement, and spiritual and financial help and support. To those who indirectly
contributed to this research, your kindness is highly appreciated. Thank you so much.
Sincerely: Dzairol Adzriem, 2012
ABSTRACT
Technology is evolving rapidly. Because mobile devices have become a vital part of daily
human life, developers keep upgrading devices and software to perform better. The
smartphone has replaced the cellular phone and is widely used because of the advanced
technology it offers. As smartphones take on more of the functions and features of
computers, they become exposed to numerous security threats such as malicious code
(including viruses, worms and Trojans) and other vulnerabilities. Students are often
obsessed with owning advanced devices but lack security awareness about them. A lack of
security education, and the feeling that the device is secure enough, has led them to
neglect the device’s security features. For this reason, a study was conducted among UTM
students by distributing a pre-survey questionnaire to identify their current state of
awareness, concern and knowledge of the technology. The results show that they are still
at a low level of awareness and concern and need to undergo proper education and
training. A process model of education and training for security awareness on mobile
devices has been designed to guide ICT units in conducting the program. Implementing the
course or program will, to some extent, increase students’ security knowledge and make
them more aware of the need to secure their devices against unauthorized access.
ABSTRAK
Current technology is developing rapidly. In mobile device technology, since it has
become an important part of daily human life, developers race to upgrade mobile devices
for better performance. The smartphone has replaced the mobile phone and is widely used
because of the advanced technology it offers. Having functions and features that closely
resemble those of a computer makes the smartphone more exposed to various security
threats such as malicious code (including viruses, worms and Trojans) and several other
weaknesses. Students are often obsessed with having sophisticated technology, but their
level of awareness regarding the mobile devices they own is usually very low. A lack of
security education and the feeling that their devices are already secure enough cause
students to neglect the security features of their mobile devices. For this reason, this
study was conducted among UTM students by distributing pre-survey questions to identify
the current level of awareness and knowledge of the related technology. The results
found that they are still at a low level of awareness and need to undergo proper
education and training. A process model of education and training for security awareness
on mobile devices has been formulated as a guide for ICT units in running the program
for students. Implementing the course program will, to some extent, increase students’
security knowledge and make them more careful in keeping their mobile devices from being
accessed without authorization.
TABLE OF CONTENTS
DECLARATION
DEDICATION
ACKNOWLEDGEMENTS
ABSTRACT
ABSTRAK
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF ABBREVIATION
LIST OF APPENDIX
1 INTRODUCTION
1.1 Introduction
1.2 Problem Background
1.3 Problem Statement
1.4 Project Aims
1.5 Objectives
1.6 Project Scope
1.7 Significance of the Project
1.8 Report Organization
2 LITERATURE REVIEW
2.1 Introduction
2.2 Information Security Awareness
2.3 Component of Security Awareness
2.3.1 Awareness
2.3.2 Training
2.3.3 Education
2.4 Current Stage of Security Awareness
2.5 Mobile Device Technology
2.5.1 Categories of Mobile Device
2.5.2 Mobile Application
2.5.3 Mobile Device Security and Threat/Attack
2.6 Existing Framework / Model / Guidelines / Slogans for Security Awareness
2.6.1 The Continuum (A Role and Performance Model)
2.6.2 NIST-SP800-50, Model 1: Centralized Program Management Model
2.6.3 NIST-SP800-50, Model 2: Partially Decentralized Program Management Model
2.6.4 NIST-SP800-50, Model 3: Fully Decentralized Program Management Model
2.6.5 IS Security Awareness Sequential Model
2.6.6 Full E-Awareness Model (E-AM)
2.6.7 Framework for Evaluating ICT Security Awareness
2.6.8 Southern African Cyber Security Awareness Framework
2.6.9 Awareness Model by [SecurityResearch.at]
2.6.10 Japanese National Information Security Center Slogan
2.6.11 Awareness Noticeboard
2.6.12 Security Awareness Maturity Model
2.6.13 Four Factor Influence Awareness
2.6.14 Summary of Existing Framework / Model / Guideline
2.7 Current Technique of Designing, Developing and Implementing Awareness Program
2.8 Summary
3 RESEARCH METHODOLOGY
3.1 Introduction
3.2 Operational Framework
3.2.1 Phase 1: Information Gathering
3.2.2 Phase 2: Design
3.2.3 Phase 3: Validation
3.3 Survey Technique Explanation
3.3.1 Pre-Study and Observation
3.3.2 Questionnaire
3.3.3 Statistical Method
3.4 Summary
4 DESIGN IMPLEMENTATION PROCESS
4.1 Introduction
4.2 Mapping Process
4.2.1 Relationship Table Description
4.3 Selection of Elements/Components/Features
4.4 Model Draft Design
4.4.1 Draft Model Summary Description
4.4.2 Details Model Description
4.5 Summary
5 ANALYSIS AND RESULT
5.1 Introduction
5.2 Targeted Experts Validation
5.3 First Stage Validation Model Process
5.4 Second Stage Validation Model Process
5.4.1 Validation of Model Design
5.4.2 Validation Script Questionnaire
5.4.3 New Model Draft
5.5 Supported Expert Witness
5.5.1 Analysis on Expert Witness Validation Result
5.6 Educational and Training Model of Security Awareness on Mobile Device
5.6.1 Details Model Description
5.6.2 Summary of Model Description
5.7 Summary
6 CONCLUSION
6.1 Introduction
6.2 Research Achievement
6.3 Research Challenges and Constraints
6.4 Future Work
6.5 Summary
REFERENCES
APPENDIX
LIST OF TABLES
TABLE NO. TITLE
2.1 Matrix Table Who Needs Awareness
2.2 Example of Mobile Application
2.3 Recent Threats and Solution
2.4 Matrix Table of Threats
2.5 Matrix Table of Application Versus Threats
2.6 Matrix Table of Features
3.1 Activities Summarization Table
4.1 Result of Students Feeling to Their Devices
4.2 Result of Attending Course or Program
4.3 Matrix Table of Selected Features
4.4 Result of Students Responds Towards the Education and Training
4.5 Result of Joining Class
4.6 Result of Information Security Awareness as Compulsory Course
4.7 Summary of Description Model
5.1 Details of Validator
5.2 Expert Witness Validation Result on Section A
5.3 Expert Witness Validation Result on Section B
5.4 Expert Witness Validation Result on Section C
5.5 Expert Witness Validation Result on Section D
5.6 Expert Witness Validation Result on Section E
5.7 Expert Witness Validation Result on Section F
5.8 Summarization of Model Description
LIST OF FIGURES
FIGURE NO. TITLE
2.1 Statistic of Smartphone
2.2 Statistic of Mobile Malware Arise
2.3 TechRepublic Survey Result
2.4 Survey Result Study on Password Usage
2.5 Survey Result Study on Antivirus Software Usage
2.6 Survey Result Toward Security Feeling on Mobile Device
2.7 List of Mobile Malware
2.8 List of Mobile Protection Software
2.9 List of Top Threats by Symantec
2.10 Information Security Learning Continuum
2.11 Centralized Program Management Model
2.12 Partially Decentralized Program Management Model
2.13 Fully Decentralized Program Management Model
2.14 IS Security Awareness Sequential Model
2.15 The Full E-Awareness Model (E-AM)
2.16 Framework for Evaluating ICT Security Awareness
2.17 Southern African Cyber Security Awareness Framework
2.18 Model by (DI.Mag. Andreas Tomek, SecurityResearch.at)
2.19 Slogans by Japanese National Information Security Center
2.20 Noticeboard by (Dr. Gary Hinson PhD MBA CISSP, 2012)
2.21 Security Awareness Maturity Model
2.22 Four Factor Influence Awareness
2.23 Approach for an Effective Information Security Awareness Program
3.1 Operational Framework
4.1 Relationship Table
4.2 Security Awareness Knowledge Result
4.3 Pre-Model Design
5.1 New Drafted Model
5.2 Final Design
LIST OF ABBREVIATION
GPS Global Positioning System
ICT Information Communications Technology
IM Instant Messaging
IS Information System
IT Information Technology
LAN Local Area Network
MMS Multimedia Messaging Service
NIST National Institute of Standards and Technology
OS Operating System
PC Personal Computer
PDA Personal Digital Assistant
SMS Short Message Service
UTM Universiti Teknologi Malaysia
LIST OF APPENDIX
NO. TITLE
1 Appendix A
2 Appendix B
3 Appendix C
4 Appendix D
CHAPTER 1
INTRODUCTION
1.1 Introduction
To most people, the word “security” denotes a degree of protection against danger,
damage, loss, harm and crime. Security takes the form of protective structures and
processes that provide or improve that protection. Every kind of work requires security
and safety. “Safety First” is the most common message on signboards at construction
sites and workstations that are highly exposed to the risk of death. This alone shows
that security issues are crucial, because fatal injury and heavy loss can occur whenever
people are careless during their duties.
Since Information Technology is in high demand and widely used in this century, security
issues in this area are also increasing rapidly, as shown by a recent incident reported
in the online media site “Utusan Malaysia” on 24 Jun 2011. In that article, Adli Abd
Wahid, Vice President of Cyber Security Responsive Service, said that most internet
users in Malaysia do not know the right way to secure their computers and their data.
Furthermore, they are not alert to, or do not even know, what a firewall is for. He
advised all users to learn IT security education to prevent security breaches such as
those that happened to Malaysian Government websites before that date.
Security awareness is important and a must for any organization. Information security
management consists of technical and procedural controls that protect information assets
with respect to confidentiality, integrity and availability. However, many of these
controls lose their effectiveness when staff or employees act in a security-negative
manner: they are not aware of the risk of their insecure behavior, and they set aside
the organization’s policies and standards because it is more convenient to work that
way. Hence, implementing effective security depends on creating an information
security-positive environment in which staff and employees understand what is expected
and act accordingly.
1.2 Problem Background
Mobile devices are now widely used all over the world. They are updated year by year to
provide better services and applications for daily life. Mobile devices make life easier
because everything is at the user’s fingertips: a single click shows all the information
needed instantly. In addition, with the thousands of applications that devices offer in
collaboration with service providers, people can, for example, pay a bill, transfer
money, book a flight ticket and even manage or view their share-market holdings using
only their mobile device.
Mobile devices such as cellular phones, PDAs (Personal Digital Assistants), smartphones
and tablet PCs are exposed to various security threats, such as malicious code
(including viruses, worms and Trojan horses), vulnerabilities of the mobile device,
attacks on network communication, data or information theft and damage, and mobile spam
(Kim and Leem, 2005).
With the rising amount of information being sent and communicated through wireless
channels, new threats also increase. Information security will become a critical issue
for mobile devices and a great concern to their users, just as it is for computer users
today (Bouwman, et al., 2006; Malloy, et al., 2002).
It has been recognized that information security is not just a technology problem, and
in recent years the study of human factors in information security has become a hot
topic in the field of cyberspace (Hassel and Wiedenbeck, 2004; McCauley-Bell and
Crumpton, 1998; Proctor et al., 2000). Security issues related to mobile devices differ
from those related to computers. For example, a mobile device might be infected with a
virus through instant messages; users conducting mobile commerce may perceive security
differently from users conducting e-commerce through computers or laptops; and personal
privacy issues related to mobile devices are also different.
Until now, security and privacy awareness of mobile internet usage has drawn little
attention in research and industry (Maurer, 2010). With the rising number of users who
employ these devices for security-sensitive tasks such as internet banking, security and
privacy mechanisms for mobile devices should be considered in the future.
1.3 Problem Statement
Many organizations have worked hard to protect their assets from harm, damage, loss,
theft, etc. Some have spent thousands on strong security mechanisms to protect their
belongings. Installing a good security mechanism is not enough while security awareness
among employees and staff remains low. Intruders may use social engineering to get past
the security tools that have been applied. Even some professionals are not at all aware
of the security implications of their actions at work.
Awareness is often overlooked by both organizations and people around the world. They
mostly focus on having advanced technology and depend on experts to monitor security
issues, whereas information security awareness is the root state in which people are
aware of their security mission (Siponen, 2000).
In this study, the problem statements have been identified. Students are usually
obsessed with advanced technology such as smartphones or other pocket-sized gadgets,
which provide multiple and varied functions that suit their lifestyle. As noted by
Androulidakis (2010), many research papers have shown that the security of mobile
devices is not sufficient. Advanced, modern mobile devices, specifically smartphones,
are vulnerable to various security risks.
Adopting mobile devices without any security knowledge, or with little awareness because
the device is assumed to be secure enough, exposes students to these mobile device
vulnerabilities and risks. This may harm their devices, and personal information might
be stolen. Therefore, information security education should become a priority for
educational institutions, as has been done in the United States in the past few years
(Hentea, 2005). In addition, the researcher also stated that some aspects of the
security education model need attention or review for changes.
The following problem questions need to be addressed in this study:
i. Which level of student is at the highest risk from security threats and lack of
awareness?
ii. Should a security awareness education course and training program be held in the
University?
iii. Which aspects of the existing models require customization or modification?
iv. How can the proposed model increase awareness among students?
1.4 Project Aim
The aims of this study are to identify the current stage of awareness among students of
different levels and fields, whether low, intermediate or high, and to propose a design
for a security awareness model that suits UTM campus students. The goal is to raise
security awareness within the organization and among students, motivating them to stay
alert to vulnerabilities and to attacks from any intruder that could harm important or
valuable data or information and cause damage or loss to the organization or to
individuals.
1.5 Objectives
This project has three objectives, as follows:
i. To identify the current state of security awareness of mobile device users (UTM
students) before and after they undergo training or proper education in a Security
Awareness Course or Program.
ii. To design an appropriate model of Information Security Awareness to raise awareness
among students.
iii. To validate the proposed model and analyze the validation result.
1.6 Project Scope
The scope of the project includes the following areas:
i. The study focuses on the UTM campus as the target organization.
ii. UTM students are the target respondents.
iii. The survey will be conducted across different faculties and different levels of
respondents.
iv. The survey result will indicate the current stage of awareness among mobile device
users.
v. Generate the data and design an appropriate model for the ICT unit of UTM as a
guideline for implementing an educational course or training program for students.
1.7 Significance of the Project
The significance of this study is mainly to propose a model for the organization to
follow. Security education and awareness programs are crucial, although combining the
two takes a lot of time and energy. Experts generally agree that people are the most
common and greatest source of IT security problems. Statistics consistently show that
the majority of security breaches are caused by insiders, and the damage they levy on
their organizations can be much more severe than anything wrought by hackers on the
other side of the world (J. Pescatore, 2002).
Many, if not most, insider breaches are caused neither by disgruntled employees nor by
students intent on doing harm. The causes are often as follows:
i. People are not aware of the security threats.
ii. People wrongly rely on someone else to deal with them.
iii. People are not adequately skilled to address them.
iv. People simply feel they have more important things to do and neglect to pay
attention to these things.
1.8 Report Organization
This project study consists of four chapters in project 1. Every chapter is organized
according to the different work involved in the study. The detailed organization of this
report is described in the following paragraphs:
Chapter 1 gives an overview of the study, the problem background, the problem statement,
the objectives, the scope and the significance of the study.
Chapter 2 reviews the literature related to the study area, which is information
security, security awareness and mobile devices as they relate to each topic. It
discusses previous researchers’ work on security issues and their problems.
Chapter 3 explains the methods to be used in the study and describes the operational
framework in detail, phase by phase, representing the flow of all tasks in the study.
Chapter 4 discusses the design implementation process. It covers how the elements and
features were selected in order to develop the proposed design model. In addition,
matrix tables are mapped to each other to build a relationship that strongly supports
the model design.
Chapter 5 discusses the analysis and results of the findings from the students’ survey
feedback. The result of the model validation process is also explained as the finalized
result of the design model.
Chapter 6 is the final chapter and presents the conclusion to the project. It discusses
the research achievements, the challenges and constraints of the research, and
recommendations for future work. Lastly, it summarizes the research project.
REFERENCES
Adam Marks, Yacine Rezgui. A Comparative Study of Information Security Awareness in
Higher Education Based on the Concept of Design Theorizing. Journal.
Anind K. Dey, Jonna Hakkila (2008). Chapter XIII, Context-Awareness and Mobile Device.
IGI Global Journal.
Anthony S. Park, Steffen Lipperts, and Marc Wilhelm (2001). Location Based Services for
Context Awareness-Moving from GSM to UMTS.
Australian Government, Department of Broadband (2010). National Cyber Security Awareness
Awareness Raising and Educational Initiatives. Research Report, May 2011.
Australian Communications and Media Authority (ACMA). An Overview of International Cyber
Security Awareness Week. Article 6-11 June 2010.
Berith L. Andersen, Martin L. Jorgensen, Ulrik Kold, Mikael B. Skov (2006). iSocialize:
Investigating Awareness Cues for a Mobile Social Awareness Application. Journal.
Chao Li, Katharine Willis. Modeling Context Aware Interaction for Wayfinding using
Mobile Devices. Journal.
Dirk De Maeyer. Setting up an Effective Information Security Awareness Programme. KPMG
Advisory.
E. Eugene Schultz (2007). Risk due to Convergence of Physical Security Systems and
Information Technology Environment. Information Security Technical Report 12 (2007)
80-84.
E. Kritzinger, S.H von Solms (2010). Cyber Security for Home User: A new way of
Protection Through Awareness Enforcement. Computer & Security 29 (2010) 840-847.
Fadi Aloul (2010). The Need for Effective Information Security Awareness. Department of
Computer Science & Engineering, American University of Sharjah.
Frank Breitinger, Claudia Nickel (2010). User Survey on Phone Security and Usage.
Published paper.
Gaborone, Botswana (May 2011). Proceeding of the First IFIP TC9/TC11 Southern African
Cyber Security Awareness Workshop 2011. Workshop.
HA Kruger, L Drevin, T Steyn. A Framework for Evaluating ICT Security Awareness.
Journal.
Hyeonkoo Cho, Jungchan Na (2011). Security Situation Awareness and Situation Information
Generation Based on Spatial Linkage of Physical and IT Security. IJCSNS International
Journal of Computer Science and Network Security, VOL.11 No.1, January 2011.
Iosif Androulidakis, Gorazd Kandus. Differences in Users’ State of Awareness and
Practices Regarding Mobile Phone Security Among EU Countries. Journal.
Jason Gonzalez and James Hung, Stroz Friedberg LLC (2011). Mobile Device Forensic: A
Brave New World?. Bloomberg Law Report.
L. Drevin, H.A. Kruger, T. Steyn (2007). Value-Focused Assessment of ICT Security
Awareness in an Academic Environment. Computer & Security 26 (2007) 36-43.
Liu Ying, Huang Dinglong, Zhu Haiyi, Patrick Rau. Users’ Perception of Mobile
Information Security. Journal.
Mariana Hentea. A Perspective on Achieving Information Security Awareness. Issues in
Informing Science and Information Technology.
Max-Emanuel Maurer (2010). Bringing Effective Security Warning to Mobile Browsing.
Journal.
Mikko Hypponen (2006). Malware goes Mobile. Copyright 2006 Scientific American, INC
article.
Mohammed Boujettif, Yongge Wang. Constructivist Approach to Information Security
Awareness in The Middle East. Journal.
Mollie K. Anderson (2008). State of Iowa Enterprise Mobile Device Security Standard.
5.19.2008.
Muhammad Rabiul Hasan, Husnayati Hussin (2008). Self Awareness before Social Networking:
Exploring the User Behavior and Information Security Vulnerability in Malaysia. Journal
project.
NIST-SP800-50. Building an Information Technology Security Awareness and Training
Program.
Retrieved from: “https://www.mylookout.com/_downloads/lookout-mobile-threat-report-2011.pdf”. June 2011.
Retrieved from: “http://www.securityresearch.at/en/audit-services/awareness/”. July 2012.
Retrieved from: “http://www.nisc.go.jp/security-site/eng/about.html”. July 2012.
Retrieved from: “http://www.noticebored.com/html/why_awareness_.html”. July 2012.
Retrieved from: “http://www.securingthehuman.org/blog/2012/05/22/security-awareness-maturity-model/”. May 2012.
Retrieved from: “http://blog.afewguyscoding.com/2011/12/survey-mobile-device-security-threats-vulnerabilities-defenses/”. Dec 2011.
Retrieved from: “http://www.enterpriseitnews.com.my/component/k2/item/443-symantec-on-top-threats-targeting-mobile-devices.html”. Dec 2011.
SANS Institute (2005). Building a Security Policy Framework for a Large, Multi-National
Company. InfoSec Reading Room.
Shamsul Kamal Wan Fakeh, et al. (2012). Information Security Awareness Amongst Academic
Librarians. Journal of Applied Sciences Research.
Shirley Payne (2003). Developing Security Education and Awareness Programs. Education
Quarterly.
Theo Kanter (2003). Cooperative Mobile Ambient Awareness. Submission to MobEA workshop of
the WWW2003 conference.
Yacine Rezgui, Adam Marks (2008). Information Security Awareness in Higher Education: An
Exploratory Study. Computer & Security 27 (2008) 241-253.
Yiwei Cao. Mobile Social Software with Context Awareness and Data Uncertainty for
Technology-Enhanced Learning. Journal.