CR, CY | Jun 25, 2017

Honeypots for employee information security awareness and education training: A conceptual EASY training model

arXiv:1706.08043v1 | 15 citations
AI Analysis

This paper addresses the need for ongoing security training among employees in corporate environments to mitigate cyber threats, though the contribution is incremental, as it adapts existing theories to a specific context.

The paper tackles the problem of improving employee information security awareness by deploying honeypots at a Singaporean university and analyzing the data to inform training. It proposes a conceptual EASY training model based on Routine Activity Theory to design effective security education programs.

The increasing pervasiveness of internet-connected systems means that such systems will continue to be exploited for criminal purposes by cybercriminals (including malicious insiders such as employees and vendors). The importance of protecting corporate systems and intellectual property, and the escalating complexities of the online environment, underscore the need for ongoing information security awareness and education training and the promotion of a culture of security among employees. Two honeypots were deployed at a private university based in Singapore. Findings from the analysis of the honeypot data are presented in this paper. This paper then examines how analysis of honeypot data can be used in employee information security awareness and education training. Adapting the Routine Activity Theory, a criminology theory widely used in the study of cybercrime, this paper proposes a conceptual Engaging Stakeholders, Acceptable Behavior, Simple Teaching method, Yardstick (EASY) training model, and explains how the model can be used to design employee information security awareness and education training. Future research directions are also outlined in this paper.
