ALARM information security«

Peter Koppatz 2021-06-01 00:00

»Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization. Many organizations require formal security awareness training for all workers when they join the organization and periodically thereafter, usually annually.« ¹ . The project »Awareness Laboratory SME information security « (ALARM) ² is concerned with the problem that small enterprises do neither have the capacity to perform security trainings in their own responsibility, nor the financial support. The central item is the concept of (security) awareness. A quantification of awareness should help to measure and control the success of any training program for small enterprises. However, the question is, how to measure awareness. The problem of supporting a non-measurable quantity by a set of measurable indicators is well known and lead to many statistical concepts, for example structural equation modelling (SEM) just to mention a rather recent development. SEM is challenging not only due to its high-sophisticated statistical background ³, but also because of its requirement to provide large data sets.

As an alternative in project ALARM an approach is tested, which is based on the theory of partially ordered sets. Although, up to know this theory applied to multi-indicator systems is far from the powerful statistical machinery as in SEM or similar approaches, the psosetic approach can be useful in selecting indicators which model an unknown quantity for the purpose of a mutual comparison. The mathematics in this posetic theory is relatively simple, however, the evaluations are troublesome to be performed. Therefore, there is considerable interest in suitable computerized tools, such as PyHasse ⁴. Recently a new version of PyHasse ⁵ was established, which allows an easy access through Internet websites:sup:6. So the idea is, once indicators for an estimation of awareness are found, any coworker of small enterprises should be able to apply this software after a minimal time of training and to control his mastery in computer security.

Footnotes

1: https://en.wikipedia.org/wiki/Security_awareness
2: https://alarm.wildau.biz/en
3: Kline, R. B. 2016. Principles and Practice of Structural Equation Modeling. The Guilford Press, New York.
4: Koppatz, P., R. Bruggemann, L. Carlsen, F. Maggino, and V. Pratz. 2019. Jupyter Notebooks - Analysis, and Visualizaton. Food Sustainability as an Exemplary Case. Pages 153-165 in J. Wittmann, ed. Simulation in Umwelt- und Geowissenschaften, Worshop Kassel 2019. Shaker-Verlag, Düren.
5: https://posets.pyhasse.org/
6: Bruggemann, R., A. Kerber, P. Koppatz, and V. Pratz. 2021. PyHasse, a Software Package for Application Studies of Partial Orderings. Pages 291-307 in R. Bruggemann, L. Carlsen, T. Beycan, C. Suter, and F. Maggino, eds. Measuring and Understanding Complex Phenomena; Indicators and Their Analysis in Different Scientific Fields. Springer Nature, Cham Switzerland.

PyHasse credits