Towards metamodel-based approach for Information Security Awareness Management

Information technology and information system have been used widely in many fields such as in business, education, marketing, transportation and medical. Security aspect plays a vital role and thus turns into a challenging issue. The security should be readily installed and resistance to various numbers of potential attacks likes Spyware, Phishing / Spam and Malwares (Virus, Worm and Trojans). It is important to have specific countermeasures that could minimize the harm to enterprises. Thus, increasing the awareness to optimal level is the main target of enterprise management. Unfortunately, the main reason that fails many existing enterprise' Information Security Awareness Management (ISAM) models is the complexity and inflexibility. Complexity means the model's structure is less practical (for instance, the implementation needs to be deployed manually). Inflexibility means it cannot support multiple kinds of businesses and did not consider security aspects. In this paper, we surveyed and discussed several existing ISAM models considering the security issues in current enterprise. We proposed a metamodel-based approach for ISAM that can offer efficiency and security that brings out clearly significant benefits by highlighting the organization overall level of awareness whether it is strong enough or weak. This will help many users in this domain to easily understand the important concepts required for their own information security awareness management.