Please use this identifier to cite or link to this item:
https://etd.cput.ac.za/handle/20.500.11838/3837
Title: | The enforcement of end-user security compliance using Chatbot | Authors: | Siyongwana, Goodman Mzwabantu | Keywords: | Chatbots;Computer security;End-user computing -- Security measures;Computer networks -- Security measures | Issue Date: | 2022 | Publisher: | Cape Peninsula University of Technology | Abstract: | Information security is a multifaceted approach that combines technical and non-technical controls to ensure that organisations are protected against cyber-attacks. Technical security controls apply technological solutions such as firewalls, encryption, antivirus, antimalware, intrusion detection system and intrusion prevention systems. Non-technical security controls deal with security policies, procedures, and standards. Users need to be educated about these non-technical security controls for compliance and adherence. Extant literature has noted poor security conduct and low compliance levels among users. This behaviour leads to what is known in the security realm as an insider threat. Cyber-attacks constantly evolve to keep up with the latest technology. However, low-tech attacks are still popular because manipulating the insider threat’s vulnerability (human factor) does not require sophisticated techniques. Training and awareness are key to the success of information security policy. However, it has become apparent that ongoing user compliance is not easy to achieve because users have difficulties applying the contents of information security policy consistently. This difficulty, accompanied by a lack of regular security training, is seen as the primary cause of users’ inconsistent security behaviour. The research hypothesis of this study is that users who receive a constant reminder about the contents of the information security policy have a higher information security compliance behaviour than users without any form of reminder. This quantitative research study used a chatbot to test the hypothesis. The data was collected from two government entities in Cape Town. A random sampling technique was used to acquire a sample of forty-two participants. Experiments followed a two-group experimental design approach: the experimental group and the control group. The experimental group was exposed to the treatment; in this research, a chatbot was used as an intervention. Three hypotheses were tested in this research study. The results of the first hypothesis showed a significant difference in the behaviour of the users who received training and exposure to a chatbot. The results of the second hypothesis were not statistically significant. The results of the third hypothesis proved that the compliance behaviour of users could be improved if users were to receive constant reminders about the contents of the information security policy. Implications, future research and recommendations included recommendations for a longitudinal study and extending the research to other provinces. In addition, the study recommended further analysis of information security training delivery methods. | Description: | Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2022 | URI: | https://etd.cput.ac.za/handle/20.500.11838/3837 |
Appears in Collections: | Information Technology - Master's Degree |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
Siyongwana_Goodman_208225609.pdf | 778.51 kB | Adobe PDF | View/Open |
Page view(s)
393
Last Week
8
8
Last month
19
19
checked on Nov 24, 2024
Download(s)
311
checked on Nov 24, 2024
Google ScholarTM
Check
Items in Digital Knowledge are protected by copyright, with all rights reserved, unless otherwise indicated.