Spelling suggestions: "subject:"cybersecurity awareness"" "subject:"cybersecurity owareness""
1 |
Motivating Cybersecurity Awareness within an Organisation : An explorative study from an awareness practitioner’s perspectiveAgbo-ola, Adedoyin January 2022 (has links)
Security awareness has been a popular topic in the last few years for both information systems researchers and organisations. News broadcasts has brought attention to the increase in cyber-attacks, with these reports noting that a significant number of these breaches have been caused by human error, linked to employee’s lack of engagement with their organisations security policies and awareness campaigns. Whilst there is existing research in human factorsand the barriers of security behaviours effect on cybersecurity awareness; in practice we know very little about how employees can be motivated to engage in cybersecurity awareness programs. This study aims to explore how information security practitioners motivate interest in cybersecurity awareness. It does this through an exploratory case study approach using qualitative data collected from in-depth interviews of four cybersecurity awareness practitioners that were conducted. From an application perspective, the findings suggest that these practitioners do use a variety of techniques to motivate employee interest in cybersecurity awareness. The study identified four factors used by practitioners to motivate cybersecurity awareness which are 1) using different engaging techniques, 2) making it personable & relatable, 3) utilising leadership commitment and 4) embracing technical controls. This paper discusses these factors and implications for practitioners.
|
2 |
Development of a guideline for cybersecurity awareness-raising in large Swedish public organizations : A design science projectBurvall, Felicia January 2023 (has links)
Technological advancement has significantly impacted people and organizations during the last decade. Society is exposed to an increasing rate of cyber-attacks utilizing sophisticated tools to accomplish their objectives. Previously attackers’ primary focus was exploiting technological vulnerabilities to access organizations’ information; however, attackers have shifted their focus to exploiting the vulnerabilities in people’s human nature instead. This has resulted in organizations acknowledging that technical security measures alone are insufficient in providing adequate protection for organizations and need to invest in mitigating the risk people pose to an organization’s cybersecurity. Thus realizing the need to address cybersecurity’s social-technical nature. Organizations have begun implementing cybersecurity awareness-raising initiatives to increase people’s cybersecurity awareness to reduce human-instigated breaches. This is especially crucial for organizations in the public sector to achieve because they tend to produce more destructive and widespread repercussions to society. To provide organizations in the public sector with the means to achieve good cybersecurity awareness, this thesis aims to develop a guideline for managers in large Swedish public organizations to assist them in their complex cybersecurity awareness-raising endeavors. The thesis employs a design science research strategy to develop, evaluate, and validate the guideline with the assistance of cybersecurity awareness experts. The results show six principal factors have been established as significant for raising cybersecurity awareness in large Swedish public organizations. These factors range from user-oriented, managerial, and technical, supporting the assertion that cybersecurity is a complex socio-technical matter. The key contribution of this thesis is to introduce a highly abstract guideline to enhance large Swedish public organizations’ cybersecurity awareness efforts.
|
3 |
An Empirical Assessment of Senior Citizens’ Cybersecurity Awareness, Computer Self-Efficacy, Perceived Risk of Identity Theft, Attitude, and Motivation to Acquire Cybersecurity SkillsBlackwood-Brown, Carlene G. 01 January 2018 (has links)
Cyber-attacks on Internet users have caused billions of dollars in losses annually. Cybercriminals launch attacks via threat vectors such as unsecured wireless networks and phishing attacks on Internet users who are usually not aware of such attacks. Senior citizens are one of the most vulnerable groups who are prone to cyber-attacks, and this is largely due to their limited cybersecurity awareness and skills. Within the last decade, there has been a significant increase in Internet usage among senior citizens. It was documented that senior citizens had the greatest rate of increase in Internet usage over all the other age groups during the past decade. However, whenever senior citizens use the Internet, they are being targeted and exploited particularly for financial crimes, with estimation that one in five becoming a victim of financial fraud, costing more than $2.6 billion per year. Increasing the cybersecurity awareness and skills levels of Internet users have been recommended to mitigate the effects of cyber-attacks. However, it is unclear what motivates Internet users, particularly senior citizens, to acquire cybersecurity skills so that they can identify as well as mitigate the effects of the cyber-attacks. It is also not known how effective cybersecurity awareness training are on the cybersecurity skill level of senior citizens. Therefore, the main goal of this quantitative study was to empirically investigate the factors that contributed to senior citizens’ motivation to acquire cybersecurity skills so that they would be able to identify and mitigate cyber-attacks, as well as assess their actual cybersecurity skills level. This was done by assessing a model of contributing factors identified in prior literature (senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, & older adults’ computer technology attitude) on the motivation of senior citizens to acquire cybersecurity skills. This study utilized a Web-based survey to measure the contributing factors and a hands-on scenarios-based iPad app called MyCyberSkills™ that was developed and empirically validated in prior research to measure the cybersecurity skills level of the senior citizens. All study measures were done before and after cybersecurity awareness training (pre- & post-test) to uncover if there were any differences on the assessed models and scores due to such treatment. The study included a sample of 254 senior citizens with a mean age of about 70 years.
Path analyses using Smart PLS 3.0 were done to assess the pre- and post-test models to determine the contributions of each contributing factor to senior citizens’ motivation to acquire cybersecurity skills. Additionally, analysis of variance (ANOVA) and analysis of covariance (ANCOVA) using SPSS were done to determine significant mean difference between the pre-and post-test levels of the senior citizens’ cybersecurity skill level. The path analysis results indicate that while all paths on both models were significant, many of the paths had very low path coefficients, which in turn, indicated weak relationships among the assessed paths. However, although the path coefficients were lower than expected, the findings suggest that both intrinsic and extrinsic motivation, along with antecedents such as senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, and older adults’ computer technology attitude significantly impact the cybersecurity skill levels of senior citizens. The analysis of variance results indicated that there was a significant increase in the mean cybersecurity skills scores from 59.67% to 64.51% (N=254) as a result of the cybersecurity awareness training. Hence, the cybersecurity awareness training was effective in increasing the cybersecurity skill level of the senior citizens, and empowered them with small but significant improvement in the requisite skills to take mitigating actions against cyberattacks.
The analysis of covariance results indicated that, except for years using computers, all the other demographic indicators were not significant. Contributions from this study add to the body of knowledge by providing empirical results on the factors that motivate senior citizens to acquire cybersecurity skills, and thus, may help in reducing some of the billions of dollars in losses accrued to them because of cyber-attacks. Senior citizens will also benefit in that they will be better able to identify and mitigate the effects of cyber-attacks should they attend cybersecurity awareness trainings. Additionally, the recommendations from this study can be useful to law enforcement and other agencies that work with senior citizens in reducing the number of cases relating to cybersecurity issues amongst senior citizens, and thus, free up resources to fight other sources of cybercrime for law enforcement agencies.
|
4 |
Cybersecurity Awareness Training : Using ContextBased MicroTraining to teach senior citizens about phishingLindvall, David January 2022 (has links)
While most Swedish citizens take advantage of the numerous benefits and conveniences today’s digitalized society offers, many senior citizens are digitally excluded. It is considered that a lack of digital technological knowledge is a big contributing factor. The lack of knowledge and experience with digital technology manifests into different types of fear, where fear of falling victim to cybercrime is the most prevalent. Phishing is a common cybercrime, which is still successfully employed by cybercriminals regardless of the various security measures and information available. Senior citizens are especially vulnerable, as phishing can be hard to recognize for less technical people. To combat this, education designed for increasing a user’s cybersecurity awareness is crucial. However, as cybersecurity can be a complex topic, there is a need for simplifying it and delivering related education in a meaningful way. This is where the method ContextBased MicroTraining (CBMT) comes in. For this thesis, a browser add-on called WebSec Coach, which utilizes the CBMT framework, is used as a tool to investigate how CBMT can support Swedish senior citizens in increasing their cybersecurity awareness regarding phishing. This was examined by conducting semi-structured interviews with eight respondents, from the age of 65 and up, that possessed some level of previous computer literacy. The results were then analyzed using thematic analysis, which showed that CBMT implemented in an embedded learning tool, like WebSec Coach, increased the cybersecurity awareness regarding phishing for all respondents. Regardless of the small sample size, the results in combination with previous research point to CBMT being a directly effective method in increasing cybersecurity awareness. Furthermore, the results showed that all respondents perceived WebSec Coach positively and were interested in using it themselves after the interviews. This indicates a potential acceptance amongst senior citizens, provided that the application reaches that target group.
|
5 |
Understanding Sociotechnical Factors Impacting Cybersecurity Controls on Mobile Devices and Smartphones at the Individual LevelGadi, Abdullah Mohamed Y. 05 1900 (has links)
Technological advances such as mobile technology, big data, and machine learning allow businesses to associate advertisements with consumer behaviors to maximize sales. Thus, information about consumer behavior became the central resource of businesses. Recent discussions and concerns about the emerging economic order centered around capturing consumers' data suggest that more research efforts be allocated to address new challenges in different domains, such as health, education, smart cities, and communication. Research on individual cybersecurity behavior is relatively new and requires more attention in academic research. This study has proposed and validated a cybersecurity behavioral model to enrich our understanding of users' behavioral intention (BI) to use cybersecurity controls. An online survey was used to collect information from University of North Texas (UNT) students to explore various technology usage determinants and specific computer security practices. The instrument measured the actual cybersecurity controls behaviors (ACB) by incorporating technical and social factors. Accordingly, the construct of ACB was created and validated to test how it relates to the participants' behavioral intentions. The findings confirm a large number of the proposed relationships. Additionally, the results show that the model explained a significant amount of variance in the proposed dependent variables BI and ACB. Within the context of information control behavior, the relationships between the study's constructs suggest adequate generalizability and robustness of the study's theoretical framework.
|
6 |
The effect of time pressure on human behavior regarding phishing susceptibility : Human aspects in information securityAbbasi, Muhammad Abbas Khan January 2023 (has links)
Human errors are common in the contemporary cyber ecosystem, and in an organization’s cybersecurity chain, humans are considered the weakest link. Cybercriminals exploit human vulnerabilities using sophisticated attacks such as phishing. Human susceptibility to phishing is a persistent threat, and has a devastating effect on organizational and personal security. Previous researchers found that human susceptibility to phishing increases in presence of some factors such as organizational, individual, and environmental. Various studies highlight time pressure as one of the influencing factors that can negatively or positively impact human behavior. This research study aimed to investigate the effect of time pressure on human cybersecurity behavior regarding the ability to detect phishing. The study used quantitative research and developed a questionnaire comprising interactive phishing emails distributed online to 03 random groups having different time limits to complete the questionnaire. The study received 356 complete responses. The study's result shows a slight change in user behavior under time pressure, and the impact of time pressure can be positive or negative. However, the results are not statistically significant for all demographic groups to accept this slight change in variance. Moreover, this study's results validate previous studies on human susceptibility to phishing and found more than 50 % of respondents vulnerable to phishing. Thus, the results of this study indicate that the factor of time pressure itself does not significantly impact the human ability to detect phishing. However, it is essential to note that other work-related tasks or stress associated with time pressure can influence human behavior in detecting phishing attempts. In conclusion, the author also proposes further testing and some methodology tweaking by modifying the time given to each tested group and adding more elements to the questionnaire. Finally, the study also suggested conducting the same analysis on physically controlled groups in an organizational or institutional setting.
|
7 |
The effect of human memory on password behavior : An investigationTarczal, Márton January 2023 (has links)
Passwords are widely used as a primary method of authentication and access control, making them a critical component in safeguarding digital assets. However, individuals’ password-related behaviors, such as password selection, memorization, and management, significantly impact the security of their accounts. Cognitive abilities, one of which is memory capacity, have also been shown in past research to affect cybersecurity awareness and therefore password behavior, as an extension of this. This thesis aimed to explore how individuals’ short-term memory capacity influenced their password behavior and its implications for cybersecurity. The research methodology used a questionnaire as a quantitative approach towards this issue. The study examined participants’ password creation strategies and their ability to remember different aspects using cued recall. Furthermore, the relationship between password behavior and short-term memory capacity was also explored in terms of four different demographic subgroups, namely gender, age, level of education, and IT competence. The evaluation has been performed using statistical analysis on 315 complete questionnaire responses. The results of this thesis work corroborate most of the previous research on the aforementioned topics, such that females and older age were the strongest predictors of correlation between password behavior and short-term memory capacity. This thesis work can be used as guidance when conducting further research on the effects of various cognitive abilities on cybersecurity awareness.
|
8 |
IT security expert’s perceptions of cybersecurity when working remotely compared to working in the office : A quality study on Swedish insurance companies / IT-säkerhetsexperters uppfattningar om cybersäkerhet vid distansarbete jämfört med arbete på kontoret : En kvalitativ studie på svenska försäkringsbolagKullander, Kristoffer, Cselenyi, Mathilda January 2024 (has links)
Teleworking has become a significant aspect of working life, especially after the outbreak of the COVID-19 pandemic, which accelerated the trend of teleworking. However, this shift has increased the risk of cyber threats and security risks. Despite organizations' efforts to strengthen cybersecurity, a significant risk remains, with employees posing one of the main security risks in the form of human error and mistakes. Previous research highlights that employees tend to exhibit lower levels of cybersecurity awareness and are more likely to perform riskful actions when working remotely compared to working in the office. However, recent research has shown the opposite, where employees are more conscious of cybersecurity awareness and more likely to apply security-based precaution measures during remote work compared to office work. In light of these research findings, this study focuses on examining how IT-security experts perceive cybersecurity when working remotely compared to working in the office. To explore this, the study has, through qualitative mapping, conducted semi-structured interviews with a theoretical basis in Protection Motivation Theory (PMT). Overall, the study showed that IT- security experts perceive cybersecurity as more manageable when working in the office compared to remote work, with an increased awareness of the importance of the human factor. / Distansarbete har blivit en betydande aspekt av arbetslivet, särskilt efter utbrottet av Covid-19- pandemin, vilket accelererade trenden med distansarbete. Denna omställning har emellertid ökat risken för cyberhot och säkerhetsrisker. Trots organisationers insatser för att stärka cybersäkerheten kvarstår en betydande risk, då anställda utgör en av de främsta säkerhetsriskerna i form av mänskliga fel och misstag. Tidigare forskning framhäver att anställda ofta är mindre säkerhetsmedvetna och mer benägna att utföra riskfyllda handlingar när de arbetar på distans jämfört med arbete på kontoret. Däremot har senare forskning visat motsatsen, där anställda är mer säkerhetsmedvetna och mer benägna att vidta säkerhetsåtgärder under distansarbete jämfört med arbete på kontoret. Mot bakgrund till dessa forskningsresultat, fokuserar denna studie på att undersöka hur IT-säkerhetsexperter uppfattar cybersäkerhet vid distansarbete jämfört med arbete på kontoret. För att utforska detta har studien, genom kvalitativ kartläggning, genomfört semistrukturerade intervjuer med teoretisk grund i Protection Motivation Theory (PMT). Sammantaget visade studien på att IT-säkerhetsexperter uppfattar cybersäkerhet som mer hanterbar vid arbete på kontoret jämfört med distansarbete, med en ökad medvetenhet om den mänskliga faktorns betydelse.
|
9 |
Securing futures by bridging the gap in online safety education for youthIradat, Sonia January 2024 (has links)
This thesis investigates the integration of cybersecurity education in Swedish middle schools, highlighting the need to enhance current educational frameworks to address the increasing cybersecurity threats faced by young students. Employing qualitative methods, interviews were conducted with school principals, assistant principals, and IT teachers across Sweden to gather insights into the challenges of embedding effective cybersecurity practices in school curricula. The findings reveal substantial gaps in the consistency and depth of cybersecurity education, with significant discrepancies in curricular content and teacher training across schools. While some educational institutions have initiated steps toward incorporating cybersecurity topics, there remains a lack of a standardized curriculum that can be uniformly implemented across all schools. The study underscores the urgent need for comprehensive guidelines and resources to support schools in delivering effective cybersecurity education. It suggests that future efforts should focus on developing standardized curricula, enhancing teacher training, and fostering broader stakeholder engagement to ensure that students are equipped with necessary digital safety skills.This research contributes valuable perspectives to the ongoing discourse on digital literacy and cybersecurity, proposing strategic directions for policy and educational development to safeguard future digital citizens.
|
10 |
Enhancing cybersecurity awareness through educational games : design of an adaptive visual novel gameBouzegza, Firdaous 04 1900 (has links)
Dans un monde qui est en numérisation constante, la dépendance aux outils technologiques est devenue inévitable. La pandémie de COVID-19 a encore accéléré la tendance vers le travail et l'éducation à distance, entraînant une augmentation de l'activité en ligne et de l'échange de données. Cependant, malgré cette augmentation de l'activité en ligne, le niveau de sensibilisation à la cybersécurité chez un nombre important d'utilisateurs reste insuffisant. De nombreux utilisateurs manquent d'une éducation appropriée en matière de cybersécurité et de confidentialité en ligne et démontrent une compréhension insuffisante de la sensibilité de leurs données. Nous avons mené une enquête auprès de plus de 300 utilisateurs qui a confirmé que le besoin de contenu de meilleure qualité était évident. Les jeux éducatifs ont démontré leur efficacité en tant qu'outils d'enseignement et d'apprentissage, en particulier pour vulgariser des sujets qui nécessitent généralement une connaissance approfondie pour être maîtrisés. Cependant, des défis sont associés quant à la qualité et à l'évaluation des jeux sérieux, car plusieurs aspects de l’amusement sont subjectifs et intangibles.
Motivée par le besoin de jeux éducatifs "de haute qualité" améliorés, cette thèse construit une échelle pour affiner les critères mentionnés par l'évaluation des jeux sérieux de Caserman et l'applique à 45 jeux de cybersécurité. L'évaluation a révélé une insuffisance dans les critères de l’amusement, en particulier le manque d'adaptation dynamique. En conséquence, cette étude propose le cadre de jeu de cybersécurité EVNAG (Educational Visual Novel Adaptive Game), qui s'articule autour de l'adaptation dynamique de la difficulté comme solution à ce problème. Inspiré par cette architecture, le roman visuel de cybersécurité "Grown-Up Blues" a été implémenté.
La thèse contribue au corpus croissant de recherches sur les jeux éducatifs en cybersécurité et fournit des idées pour concevoir des jeux éducatifs efficaces qui améliorent l'éducation en matière de cybersécurité. / In a world that continues to be increasingly digitalized, the dependency on technological tools has become unavoidable. The COVID-19 pandemic has further accelerated the trend towards remote work and education, leading to an increase in online activity and data exchange. However, despite this surge in online activity, the level of cybersecurity awareness among a significant number of users remains inadequate. Many users lack proper education on cybersecurity and online privacy and demonstrate a lack of understanding of the sensitivity of their data. A survey we conducted on more than 300 users confirmed that the need for more quality content was blatant. Educational games have demonstrated their effectiveness as teaching and learning tools, particularly in vulgarizing topics generally requiring in-depth knowledge to master. However, challenges are associated with the quality and assessment of serious games, as multiple aspects of game enjoyment are subjective and intangible.
Motivated by the need for improved “high quality” educational games, this thesis builds a scale to refine the criteria mentioned by Caserman’s assessment of serious games and applies that to 45 cybersecurity games. The assessment indicated a deficiency in the enjoyment criteria, specifically the lack of dynamic adaptation.
As a result, this study proposes the EVNAG (Educational Visual Novel Adaptive Game) cybersecurity game framework, which centers on Dynamic Difficulty Adaptation as a solution to this issue. Inspired by this architecture, the cybersecurity visual novel “Grown-Up Blues” was implemented.
The thesis contributes to the growing body of research on educational games in cybersecurity and provides insights for designing effective educational games that enhance cybersecurity education.
|
Page generated in 0.0969 seconds