The enforcement of end-user security compliance using Chatbot
Author(s)
Siyongwana, Goodman Mzwabantu
Date Issued
2022
Type
Thesis
Publisher
Cape Peninsula University of Technology
Abstract
Information security is a multifaceted approach that combines technical and non-technical
controls to ensure that organisations are protected against cyber-attacks. Technical security
controls apply technological solutions such as firewalls, encryption, antivirus, antimalware,
intrusion detection systems and intrusion prevention systems. Non-technical security controls
deal with security policies, procedures, and standards. Users need to be educated about these
non-technical security controls for compliance and adherence.
Extant literature has noted poor security conduct and low compliance levels among users. This
behaviour leads to what is known in the security realm as an insider threat. Cyber-attacks
constantly evolve to keep up with the latest technology. However, low-tech attacks are still
popular because manipulating the insider threat’s vulnerability (human factor) does not require
sophisticated techniques. Training and awareness are key to the success of information
security policy. However, it has become apparent that ongoing user compliance is not easy to
achieve because users have difficulties applying the contents of information security policy
consistently. This difficulty, accompanied by a lack of regular security training, is seen as the
primary cause of users’ inconsistent security behaviour.
The research hypothesis of this study is that users who receive a constant reminder about the
contents of the information security policy have a higher information security compliance
behaviour than users without any form of reminder. This quantitative research study used a
chatbot to test the hypothesis. The data was collected from two government entities in Cape
Town. A random sampling technique was used to acquire a sample of forty-two participants.
Experiments followed a two-group experimental design approach: the experimental group and
the control group. The experimental group was exposed to the treatment; in this research, a
chatbot was used as an intervention.
Three hypotheses were tested in this research study. The results of the first hypothesis showed
a significant difference in the behaviour of the users who received training and exposure to a
chatbot. The results of the second hypothesis were not statistically significant. The results of
the third hypothesis proved that the compliance behaviour of users could be improved if users
were to receive constant reminders about the contents of the information security policy.
Implications, future research and recommendations included recommendations for a
longitudinal study and extending the research to other provinces. In addition, the study
recommended further analysis of information security training delivery methods.
Additional information
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2022
File(s)
Name
Siyongwana_Goodman_208225609.pdf
Size
778.51 KB
Format
Adobe PDF
Checksum
(MD5):1684a5ede4edeafb8b362dc1566cc5cc
