Cyber security is a concern for all modern organizations. These organizations cannot achieve their cyber security goals through hardware and information technology (IT) workers alone, so all employees who use computer networks must be trained on the knowledge, skills and policies related to cyber security. This paper reviews what is known about effective cyber security training for end users of computer systems and offers suggestions about how human resource (HR) leaders can effectively implement this training. This includes a broad review of the cyber security policies and competencies that are the basis for training needs analysis,
setting learning goals, and effective training design. Finally, the paper discusses opportunities for human resource (HR) practitioners, industrial and organizational (I-O) psychologists, and information technology (IT) specialists to integrate their skills and enhance the capabilities of organizations to counteract cyber security threats.
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...