Organizations continue to use security education training and awareness (SETA) programs to reduce the number of cybersecurity incidents related to phishing. A large healthcare organization contacted the authors to share that they continued to struggle with the efficacy of their traditional training program and to ask whether we could design a better program. Using an...
Fortifying healthcare: An action research approach to developing an effective SETA program
A taxonomy of SETA methods and linkage to delivery preferences
Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA programs. The notion of training users is old, and several SETA methods are described in scientific...
Characterizing and measuring maliciousness for cybersecurity risk assessment
Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality,...
Nothing ventured, nothing gained. Profiles of online activity, cyber-crime exposure, and security measures of end-users in European Union
We use large-scale survey data from the Eurobarometer 77.2/2012 to explore variability in online activity, cyber-crime exposure, and security measures of end-users in European Union (EU27). While cyber-security is a high-priority activity for security experts and researchers, end-users conduct it in the context of their daily lives, as a socially accountable and resource-limited activity. We...
Research on the effectiveness of cyber security awareness in ICS risk assessment frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social engineering attacks. This research aimed to determine the effect of cyber security awareness on the emergency response to cyber security incidents in the ICS. Additionally, this study has adopted a variety of cyber security emergency response process measures and frameworks...