Addressing human factors in the design of cyber hygiene self-assessment tools

As cybersecurity (CS) threats become more sophisticated and diversified, organisations are urged to constantly adopt and update measures for countering different types of attacks. In particular, as novel techniques (e.g., social engineering and phishing) aim to leverage individual users’ vulnerabilities to attack and breach a larger system or an entire company, user awareness and behaviour have become key factors in preventing adverse events, mitigating their damage, and responding appropriately. As a result, the concept of Cyber Hygiene (CH) is becoming increasingly relevant for addressing the risk associated with an individual’s CS practices. Consequently, self-assessment tools are becoming more important for evaluating users’ literacy, implementing measures (e.g., training), and studying the effectiveness of interventions. This paper proposes a framework for including human factors in the design of self-assessment tools and for accurately modelling the CH aspects that are the root cause of CS issues.