Affiliation: University of Chester
Abstract: Cyber threats to organisations across all industries are increasing in both volume and complexity, leading to significant, and sometimes severe, consequences. The common weakest link in organisations' security is the human vulnerability. The sudden popularity of remote working due to the Covid-19 pandemic opened organisations and their employees up to more risks, particularly as many workers believe that they are more distracted when at home. Existing cyber training using a ‘one-size-fits-all’ approach has been proven inefficient/ineffective, and more fit-for-purpose training is required. When it comes to cyber training, we know that there is no single-training-fits-all solution – people have different technical skills, different prior knowledge and experience, are in different roles, exposed to different security risks, and require knowledge that is relevant to what they do. This study makes a case for tailored role-based cybersecurity training suitable for awareness within organisations across multiple industries. The study explores the strengths and weaknesses of existing cyber training and literature to make recommendations on efficient awareness and training programme strategies. The study carries out knowledge and task analysis of job roles to create profiles of the skills and knowledge they require. These are grouped by topic and level to form scenario-based multiple-choice questions which are mapped to create a Cyber Awareness Platform (CAP). A CAP prototype is introduced as a flexible web-based system allowing users to assess their prior knowledge and skills personalised to their role. Knowledge gaps and training needs are identified, and recommendations are tailored to the individual. Initial analysis of CAP shows promising results, indicating that such a role-sensitive solution would be highly beneficial to users. This offers further development opportunities in producing an all-in-one cyber assessment and training platform.
Citation: Eze, T., & Hawker, N. (2022). CAP: Patching the human vulnerability. In N. Clarke & S. Furnell (Eds.), Human aspects of information security and assurance: 16th IFIP International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings (pp. 106-119). Springer.
Except where otherwise noted, this item's license is described as https://creativecommons.org/licenses/by-nc-nd/4.0/