Abstract
Organizations that have established an effective technical layer of security continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees, whose naive cybersecurity practices have been found to represent 72% to 95% of cybersecurity threats and vulnerabilities. However, employees cannot be held responsible for cybersecurity practices if they are not provided the education and training to acquire skills that allow them to identify security threats along with the proper course of action. This work-in-progress study addresses the first phase of a larger project to empirically assess whether there are any significant differences in employees’ cybersecurity countermeasures awareness (CCA) and cybersecurity skills (CyS) based on the use of two security education, training, and awareness (SETA) program types (traditional vs. socio-technical) and three SETA delivery methods (face-to-face, hybrid, and online). In the first phase, a panel of subject matter experts (SMEs) will review SETA program topics and the measurement criteria for CCA and CyS per the Delphi methodology. The SMEs’ responses will be incorporated into the development of two SETA program types with integrated vignette-based assessment to be delivered via three methods.
Included in
Information Security Commons, Management Information Systems Commons, Technology and Innovation Commons
Towards A Comparison of Training Methodologies on Employee’s Cybersecurity Countermeasures Awareness and Skills in Traditional vs. Socio-Technical Programs