e-Security | Vol: 36-12014
© CyberSecurity Malaysia 2014 - All Rights Reserved
that customer data will be safe and that your organisation will continue to
operate based on any type of event.
6. Will lead to new product and platform innovation
The need for new product ideas and innovation is critical to the success
and growth of the global economy. These new product innovations
can come from improving on older technologies or collaborating with
existing technologies to form new ones. Cloud computing is positioned
to be an important ingredient that companies can use to bundle with
other services that can provide customers with new experiences. The
number of possibilities that companies can combine with cloud computing is
infinite and we are excited about the future innovations that may arise from
this technology. We are already seeing innovations from companies such as
Amazon, Google, Rackspace, IBM, and Microsoft. Cloud computing is a new
technology that has only just begun to assemble its policies, technologies and
disciplines, and it is not yet at a mature state. There is so much potential to
move this domain forward and it will be exciting to see what will happen
in the next ten years in the evolution of the cloud. We expect to see more
synergies from different technologies and possibly more collaborations from
vendors in offering customers better solutions.
These are some example products that exist in the market:
• amazon.com
• ATT
• iCloud
• Dropbox
• Evernote
• Google Drive
• Skydrive
• 4shared
• Mediafire
Conclusion
The tight relationship between cloud computing, virtualisation, and shared
storage naturally means that virtualisation and shared storage will increase in
importance. The new utility model for IT services breaks the conventional
technology, people, and process barriers that applications and information have
been confined to. Cloud computing is a new computing paradigm that is still
emerging. Technology advances are expected to improve performance and
other qualities of services from public clouds, including privacy and security.
Many agency systems are long lived and, if transitioned to a public cloud, will
likely experience technology and other changes over the course of their lifetime.
Cloud providers may decide to sell or merge their offerings with other
companies; service offerings may be eclipsed by those of another cloud
provider or fall into disfavour; and organisations may be required to re-compete
an existing contract for cloud services, when all contractual obligations
are exhausted. Eventually having to displace some systems to another public
cloud is a distinct possibility that federal agencies and other organisations should
not dismiss.
Introduction
Your organisation is ISMS certified. You have information security policies in
place. Security awareness campaigns, trainings and talks have taken place. But
how do you measure the effectiveness of the programmes and the awareness
level of your organisation? What should you measure?
It's been said that security is hard to measure. That includes measuring the
awareness level of an organisation. Although security has always been
perceived as a dynamic process, it does not mean that it is left without any measurable
aspects. The process needs to be improved in order to be measured.
According to John Schroeter, in an article from CSO [1], there are many benefits an
organisation will enjoy when they make improvements to the process. Among
those benefits are:
a. Better budget justifications for creating the security awareness program training
b. Better ability to identify major data breaches
c. Secure confidential information
d. Limit physical access to data storage devices
e. Achieve high compliance with legal and self-regulatory framework
f. In better position to attract and retain high-quality information security personnel
g. Effective enforcement of corporate information security policy
h. Protected company reputation which increases customer trust and loyalty

It is agreed among professionals that measuring security awareness
effectiveness is not as straightforward as measuring manufacturing or quality
processes. However, with the use of the right available tools and methods,
getting real key indicators of an organisation’s level of awareness is possible.
What should we measure?
To start with, there is no commonly agreed and understood standard measure of the
effectiveness of a security awareness programme and the awareness level of an
organisation. However, there are a number of qualitative and quantitative measures
that can be used in order to obtain real insights and to show how much progress
an organisation has achieved over a period of time.
In an article titled Measuring Information Security Awareness: A West Africa Gold
Mining Environment Case Study [2], a West Africa gold mining company used
a methodology based on techniques borrowed from the field of social
psychology to develop a measuring tool. The methodology proposed that learned
predispositions to respond in a favourable or unfavourable manner to a particular
object have three components: affect, behaviour and cognition.
Affect: One’s positive and negative emotions about something
Behaviour: Intention to act in a particular manner
Cognition: The beliefs and thoughts one holds about an object
Figure 1: Definition of the three components by Feldman,
1999; Michener and Delamater, 1994 [3]
Measuring Security Awareness
By | Melisa Binti Muhamed