Comparing Training Methodologies on Employee’s Cybersecurity Countermeasures Awareness and Skills in Traditional vs. Socio-Technical Programs

Organizations, which have established an effective technical layer of security, continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees whose naive cybersecurity practices have been fou...


Bibliographic Details
Main Author: Goode, Jodi
Format: Others
Published: NSUWorks 2018
Subjects:
Online Access: https://nsuworks.nova.edu/gscis_etd/1045
https://nsuworks.nova.edu/cgi/viewcontent.cgi?article=2048&context=gscis_etd
id ndltd-nova.edu-oai-nsuworks.nova.edu-gscis_etd-2048
record_format oai_dc
spelling ndltd-nova.edu-oai-nsuworks.nova.edu-gscis_etd-2048 2019-10-20T04:13:25Z 2018-01-01T08:00:00Z dissertation application/pdf CCE Theses and Dissertations NSUWorks
collection NDLTD
format Others
sources NDLTD
topic Information technology Cybersecurity
cybersecurity countermeasures awareness
cybersecurity skills
security
security education, training, and awareness (SETA)
Computer Sciences
description Organizations, which have established an effective technical layer of security, continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees whose naive cybersecurity practices have been found to represent 72% to 95% of cybersecurity threats and vulnerabilities to organizations. However, employees cannot be held responsible for cybersecurity practices if they are not provided the education and training to acquire skills, which allow for identification of security threats along with the proper course of action to mitigate such threats. In addition, awareness of the importance of cybersecurity, the responsibility of protecting organizational data, as well as of emerging cybersecurity threats is quickly becoming essential as the threat landscape increases in sophistication at an alarming rate. Security education, training, and awareness (SETA) programs can be used to empower employees, who are often cited as the weakest link in information systems (IS) security due to limited knowledge and lacking skillsets. Quality SETA programs not only focus on raising employee awareness of responsibilities in relation to their organizations’ information assets but also train on the consequences of abuse while providing the necessary skills to help fulfill these requirements. The main goal of this research study was to empirically assess if there are any significant differences on employees’ cybersecurity countermeasures awareness (CCA) and cybersecurity skills (CyS) based on the use of two SETA program types (typical & socio-technical) and two SETA delivery methods (face-to-face & online). This study included a mixed method approach combining an expert panel, developmental research, and quantitative data collection. A panel of subject matter experts (SMEs) reviewed the proposed SETA program topics and measurement criteria for CCA per the Delphi methodology. 
The SMEs’ responses were incorporated into the development of two SETA program types with integrated vignette-based assessment of CCA and CyS, which were delivered via two methods. Vignette-based assessment provided a nonintrusive way of measurement in a pre- and post-assessment format. Once the programs had been reviewed by the SMEs to ensure validity and reliability, per the Delphi methodology, randomly assigned participants were asked to complete the pre-assessment, the SETA program, and then the post-assessment providing for the qualitative phase of the study. Data collected was analyzed using analysis of variance (ANOVA) and analysis of covariance (ANCOVA) to address the proposed research hypothesis. Recommendations for SETA program type and delivery method as a result of data analysis are provided.
author Goode, Jodi
title Comparing Training Methodologies on Employee’s Cybersecurity Countermeasures Awareness and Skills in Traditional vs. Socio-Technical Programs
publisher NSUWorks
publishDate 2018
url https://nsuworks.nova.edu/gscis_etd/1045
https://nsuworks.nova.edu/cgi/viewcontent.cgi?article=2048&context=gscis_etd