Abstract

Organizational information system users (OISUs) that are open to cyber threats vectors are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. The main goal of this research study was to propose and validate, using subject matter experts (SMEs), a reliable hands-on assessment prototype tool for measuring the knowledge, skills, and abilities (KSAs) that comprise the cybersecurity competency of an OISU. Primarily using the Delphi methodology, this study implemented four phases of data collection using cybersecurity SMEs for proposing and validating OISU: (a) KSAs, (b) KSA measures, (c) KSA measure weights, and (d) cybersecurity competency threshold. A fifth phase of data collection occurred measuring the cybersecurity competency of 54 participants. Phase 1 proposed and validated three OISU cybersecurity abilities, 23 OISU cybersecurity knowledge units (KU), and 22 OISU cybersecurity skill areas (SA). Phase 2 proposed and validated 90 KSA measures for 47 knowledge topics (KT) and 43 skill tasks (ST). Phase 3 proposed and validated the weights for four knowledge categories (KC) and four skill categories (SC). Phase 4 proposed and validated an OISU cybersecurity competency threshold (index score) of 80%. Phase 5 of this study measured the cybersecurity competency of 54 OISUs using the MyCyberKSAsTM prototype cybersecurity competency assessment tool. Phase 5 conducted data analysis by computing levels of dispersion and one-way analysis of variance (ANOVA), which indicated that annual cybersecurity training and job function are significant, providing evidences for significant differences in OISU cybersecurity competency.

Share

COinS
 

A Developmental Study on Assessing the Cybersecurity Competency of Organizational Information System Users

Organizational information system users (OISUs) that are open to cyber threats vectors are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. The main goal of this research study was to propose and validate, using subject matter experts (SMEs), a reliable hands-on assessment prototype tool for measuring the knowledge, skills, and abilities (KSAs) that comprise the cybersecurity competency of an OISU. Primarily using the Delphi methodology, this study implemented four phases of data collection using cybersecurity SMEs for proposing and validating OISU: (a) KSAs, (b) KSA measures, (c) KSA measure weights, and (d) cybersecurity competency threshold. A fifth phase of data collection occurred measuring the cybersecurity competency of 54 participants. Phase 1 proposed and validated three OISU cybersecurity abilities, 23 OISU cybersecurity knowledge units (KU), and 22 OISU cybersecurity skill areas (SA). Phase 2 proposed and validated 90 KSA measures for 47 knowledge topics (KT) and 43 skill tasks (ST). Phase 3 proposed and validated the weights for four knowledge categories (KC) and four skill categories (SC). Phase 4 proposed and validated an OISU cybersecurity competency threshold (index score) of 80%. Phase 5 of this study measured the cybersecurity competency of 54 OISUs using the MyCyberKSAsTM prototype cybersecurity competency assessment tool. Phase 5 conducted data analysis by computing levels of dispersion and one-way analysis of variance (ANOVA), which indicated that annual cybersecurity training and job function are significant, providing evidences for significant differences in OISU cybersecurity competency.

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.