Honeypots for employee information security awareness and education training: A conceptual EASY training model

Abstract: The increasing pervasiveness of internet-connected systems means that such systems will continue to be exploited for criminal purposes by cybercriminals (including malicious insiders such as employees and vendors). The importance of protecting corporate system and intellectual property, and the escalating complexities of the online environment underscore the need for ongoing information security awareness and education training and the promotion of a culture of security among employees. Two honeypots were deployed at a private university based in Singapore. Findings from the analysis of the honeypot data are presented in this paper. This paper then examines how analysis of honeypot data can be used in employee information security awareness and education training. Adapting the Routine Activity Theory, a criminology theory widely used in the study of cybercrime, this paper proposes a conceptual Engaging Stakeholders, Acceptable Behavior, Simple Teaching method, Yardstick (EASY) training model, and explains how the model can be used to design employee information security awareness and education training. Future research directions are also outlined in this paper.