A context-based approach for assessing the information security awareness of users