An Effective Cybersecurity Training Model to Support an Organizational Awareness Program

2019 ◽  
Vol 21 (3) ◽  
pp. 26-39 ◽  
Author(s):  
Regner Sabillon ◽  
Jordi Serra-Ruiz ◽  
Victor Cavaller ◽  
Jeimy J. Cano M.

Traditional cybersecurity, security or information security awareness programs have become ineffective at changing people's behavior in recognizing, failing to block or reporting cyberthreats within their organizational environment. As a result, human errors and actions continue to demonstrate that we are the weakest links in cybersecurity. This article studies the most recent cybersecurity awareness programs and their attributes. Furthermore, the authors compiled recent awareness methodologies, frameworks and approaches. The authors introduce a suggested awareness training model to address existing deficiencies in awareness training. The Cybersecurity Awareness TRAining Model (CATRAM) has been designed to deliver training to different organizational audiences, each of these groups with specific content and separate objectives. The authors concluded their study by addressing the need for future research to target new approaches to keep cybersecurity awareness focused on the ever-changing cyberthreat landscape.


Author(s):  
Regner Sabillon

Traditional security education, training, and awareness (SETA); cybersecurity awareness programs; and information security awareness programs are falling behind in dealing with the current cyberthreat landscape in any organizational environment. Human behaviors are the weakest links in cybersecurity, especially in situations where cyberthreats are not isolated, blocked, or reported to the information security specialists for further action. Moreover, the study compares recent awareness frameworks, approaches, and methodologies. An extended research that includes an awareness training model to deal with existing challenges when delivering cybersecurity to different levels of positions in any organization. The cybersecurity awareness training model (CATRAM) has been designed to deliver training to different organizational audiences, each of these groups with specific content and separate objectives. The study concluded by addressing the need for future and innovative research to target new approaches to keep cybersecurity awareness focused on the ever-changing cyberthreat landscape.



2022 ◽  
pp. 501-520
Author(s):  
Regner Sabillon

This chapter presents the outcome of one empirical research study that assesses the implementation and validation of the cybersecurity awareness training model (CATRAM), designed as a multiple-case study in a Canadian higher education institution. Information security awareness programs have become unsuccessful at changing people's attitudes in recognizing, stopping, or reporting cyberthreats within their corporate environment. Therefore, human errors and actions continue to demonstrate that we as humans are the weakest links in cybersecurity. The chapter studies the most recent cybersecurity awareness programs and their attributes. Furthermore, the author compiled recent awareness methodologies, frameworks, and approaches. The cybersecurity awareness training model (CATRAM) has been created to deliver training to different corporate audiences, each of these organizational units with peculiar content and detached objectives. They concluded their study by addressing the necessity of future research to target new approaches to keep cybersecurity awareness focused on the ever-changing cyberthreat landscape.


2020 ◽  
Vol 338 ◽  
pp. 189-200
Author(s):  
Ildikó Legárd

Many researchers and experts in the field of information security agree that the user is the weakest link in an organization’s chain of information security. Even if the system’s and the stored data’s physical and logical protection is well developed, the human factor exposes security to significant risk. The effective protection against the threats is to provide security awareness through implementing a well-developed and successful Information Security Awareness Program. Although organizations are able to recognize the importance of information security awareness, the implementation of the awareness programs can be difficult. The aim of this study is to help organizations to develop an effective Information Security Awareness Program tailored to the characteristics of the organization. The paper presents how we can build a program that influences and improves the user’s knowledge, attitude and behavior the most towards information security and makes positive changes in the security culture of an organization. To achieve that goal, the study identifies the key elements of the implementation, compares traditional awareness programs with modern trainings and highlights the importance of communication channels and methods. There is no single solution to improve information security; the essay summarizes and shows the most effective techniques that experts can use in order to seize the user’s attention toward information security, to establish credibility and trust, and to motivate action.


Author(s):  
Shuhaili Talib ◽  
Nathan L. Clarke ◽  
Steven M. Furnell

Good security cannot be achieved through technical means alone, and a solid understanding of the issues and how to protect one’s self is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations. Given people’s use of technology is primarily focused between the workplace and home, this paper seeks to understand the knowledge and practice relationship between these environments. Through a developed survey, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. Results found that users were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that will develop an all-round individual security culture for users independent of the environment they are operating in.


2014 ◽  
Vol 22 (1) ◽  
pp. 115-126 ◽  
Author(s):  
Eyong B. Kim

Purpose – The purpose of this paper is to survey the status of information security awareness among college students in order to develop effective information security awareness training (ISAT). Design/methodology/approach – Based on a review of the literature and theoretical standpoints as well as the National Institute of Standards and Technology Special Publication 800-50 report, the author developed a questionnaire to investigate the attitudes toward information security awareness of undergraduate and graduate students in a business college at a mid-sized university in New England. Based on that survey and the previous literature, suggestions for more effective ISAT are provided. Findings – College students understand the importance and the need for ISAT but many of them do not participate in it. However, security topics that are not commonly covered by any installed (or built-in) programs or web sites have a significant relationship with information security awareness. It seems that students learned security concepts piecemeal from a variety of sources. Practical implications – Universities can assess their ISAT for students based on the findings of this study. Originality/value – If any universities want to improve their current ISAT, or establish it, the findings of this study offer some guidelines.


2012 ◽  
pp. 193-225
Author(s):  
Jack Wiles ◽  
Terry Gudaitis ◽  
Jennifer Jabbusch ◽  
Russ Rogers ◽  
Sean Lowther
