Design of a cyber security awareness campaign for internet Cafés users in rural areas

Abstract

Africa may have the lowest number of Internet users in the world, but it also has the highest growth rate and the number of users is steadily growing. A majority of the African population is still excluded from global cyber networks and thus have very low cyber literacy rates. A consequence of these two factors is that many Internet users access the Internet without understanding or even realising the dangers of the cyber world. Proactive measures need to be developed to ensure that these new Internet users are equipped with computer and information security knowledge to mitigate possible cyber attacks. Due to limited availability of infrastructure, a large percentage of the African population access the Internet via Internet Cafés. A need has been identified to make users aware of the threats that may be present at an Internet Café. This paper addresses how the National Institute of Standards and Technology (NIST) framework, defined in the guide, “Building an Information Technology Security Awareness and Training Program”, can be used to develop a security awareness program that focuses on possible cyber threats at Internet Cafés. This guide provides a framework that can be applied to construct a security awareness program. It consists of four steps that form part of the life cycle of an information technology (IT) security awareness and training program. These steps are used to identify requirements of a security training strategy, to develop material that addresses the identified requirements, for the effective roll-out of the program, and to ensure the program is current and to monitor the effectiveness of the program. This framework can be used to address an identified threat in a specific context. This paper addresses the development of a security awareness campaign with the focus on reducing threats emanating from Internet Cafés