Enabling User Participation in Web-based Information Security Education

The greatest threat to Information Security are the employees within an organization. Many security controls rely on the user in order to be effective. It is thus vital to educate users about their role(s) in security. Many companies cannot afford, in terms of time or finances, to replace employees during training periods. The Web has long since been identified as a viable alternative to traditional training. To a certain extent, using the Web as a training platform depends on user buy-in. Web 2.0, which involves users and is largely user driven, is one way in which such buy-in could be obtained. This paper will discuss both the data acquisition and storage of Information Security principles to a centralized knowledge store, from which Web based Security Education technologies can draw inference. These web based security education applications should involve the user, thereby securing their buy-in and adding to the overall effectiveness of the training program. The use of Resource Definition Framework (RDF), SPARQL Protocol And RDF Query Language (SPARQL) and the Semantic Web will be discussed as possible solutions to the storage and transport of represented knowledge between multiple systems.