Mitigating cyber attacks through the measurement of non-IT professionals' cybersecurity skills. (11th March 2019)
- Record Type:
- Journal Article
- Title:
- Mitigating cyber attacks through the measurement of non-IT professionals' cybersecurity skills. (11th March 2019)
- Main Title:
- Mitigating cyber attacks through the measurement of non-IT professionals' cybersecurity skills
- Authors:
- Carlton, Melissa
Levy, Yair
Ramim, Michelle
- Abstract:
- Purpose: Users' mistakes due to poor cybersecurity skills result in up to 95 per cent of cyber threats to organizations. Threats to organizational information systems continue to result in substantial financial and intellectual property losses. This paper aims to design, develop and empirically test a set of scenarios-based hands-on tasks to measure the cybersecurity skills of non-information technology (IT) professionals. Design/methodology/approach: This study was classified as developmental in nature and used a sequential qualitative and quantitative method to validate the reliability of the Cybersecurity Skills Index (CSI) as a prototype-benchmarking tool. Next, the prototype was used to empirically test the demonstrated observable hands-on skills level of 173 non-IT professionals. Findings: The importance of skills and hands-on assessment appears applicable to cybersecurity skills of non-IT professionals. Therefore, by using an expert-validated set of cybersecurity skills and scenario-driven tasks, this study established and validated a set of hands-on tasks that measure observable cybersecurity skills of non-IT professionals without bias or the high-stakes risk to IT. Research limitations/implications: Data collection was limited to the southeastern USA and while the sample size of 173 non-IT professionals is valid, further studies are required to increase validation of the results and generalizability. Originality/value: The validated and reliable CSI operationalized as a tool that measures the cybersecurity skills of non-IT professionals. This benchmarking tool could assist organizations with mitigating threats due to vulnerabilities and breaches caused by employees due to poor cybersecurity skills.
- Is Part Of:
- Information and computer security. Volume 27:Number 1(2019)
- Journal:
- Information and computer security
- Issue:
- Volume 27:Number 1(2019)
- Issue Display:
- Volume 27, Issue 1 (2019)
- Year:
- 2019
- Volume:
- 27
- Issue:
- 1
- Issue Sort Value:
- 2019-0027-0001-0000
- Page Start:
- 101
- Page End:
- 121
- Publication Date:
- 2019-03-11
- Subjects:
- Cyber threat mitigation -- Cybersecurity assessment of non-IT professionals -- Cybersecurity skills index
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-11-2016-0088
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 22145.xml