To strengthen the protection and resilience of Critical Infrastructure, it is central to invest in training and simulations, to spread a security culture, and to develop awareness among all personnel involved in Critical Infrastructure security. Nowadays, attackers represent a major threat because they combine cyber and kinetic operations and target human-factor vulnerabilities. It is also critical to develop and strengthen a “human firewall” inside critical organizations through the enhancement of Security Education, Training and Awareness (SETA), which stresses the need to develop a security culture inside organizations. Today, awareness within organizations, in both the public and private sectors, is achieved through passive and active training techniques. A hybrid approach is proposed as a powerful compromise between the two that can best deliver the desired level of awareness and meet the needs and satisfaction of employees. Adopting a balanced mix of engagement-based and less interactive methods seems to be the best way to attain security awareness.