Abstract

Organizations that have established an effective technical layer of security continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees, whose naive cybersecurity practices have been found to represent 72% to 95% of cybersecurity threats and vulnerabilities. However, employees cannot be held responsible for cybersecurity practices if they are not provided with the education and training to acquire skills that allow them to identify security threats and take the proper course of action. This work-in-progress study addresses the first phase of a larger project to empirically assess whether there are any significant differences in employees’ cybersecurity countermeasures awareness (CCA) and cybersecurity skills (CyS) based on the use of two security education, training, and awareness (SETA) program types (traditional vs. socio-technical) and three SETA delivery methods (face-to-face, hybrid, and online). In the first phase, a panel of subject matter experts (SMEs) will review SETA program topics and the measurement criteria for CCA and CyS per the Delphi methodology. The SMEs’ responses will be incorporated into the development of two SETA program types with integrated vignette-based assessment to be delivered via three methods.


Towards A Comparison of Training Methodologies on Employee’s Cybersecurity Countermeasures Awareness and Skills in Traditional vs. Socio-Technical Programs
