Date of Award

3-24-2008

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Systems Engineering and Management

First Advisor

Dennis D. Strouble, PhD

Abstract

Today, the threats to information security and assurance are great. While there are many avenues for IT professionals to safeguard against these threats, many times these defenses prove useless against typical system users. Mandated by laws and regulations, all government agencies and most private companies have established information assurance (IA) awareness programs, most of which include user training. Much has been given in the existing literature to laying out the guidance for the roles and responsibilities of IT professionals and higher level managers, but less is specified for "everyday" users of information systems. This thesis attempts to determine the content necessary to educate system users of their roles and responsibilities for IA. Using the NIST Special Publication 800-50 as a guide, categories of threats and knowledge areas are established and the literature is analyzed and separated into the categories. The thesis closes with a comparison of the IA awareness training modules of the United State's Air Force and Defense Information Systems Agency and a discussion of areas of further research concerning IA awareness training.

AFIT Designator

AFIT-GIR-ENV-08-M07

DTIC Accession Number

ADA482729

Share

COinS