Search results

The purpose of this paper is to examine gender differences in predictors of technology threat avoidance motivation and behavior among working US adults. Implications were considered in regard to cybersecurity awareness training motivation and perceptions of need for protective cybersecurity behavior in the workplace.

A single-shot regression-based study used ordinal regression supported by K-means clustering to evaluate the moderating effects of gender on predictors of technology threat avoidance motivation and behavior on a sample of n = 206 US adult workers.

The regression model explained 47.5% of variance in avoidance motivation and 39% of avoidance behavior variance. Gender moderated predictive associations between several independent variables and avoidance motivation: perceived susceptibility, perceived effectiveness, perceived cost and self-efficacy. Gender also moderated the association between avoidance motivation and avoidance behavior.

The predictive impact of gender extends beyond the main effects in technology threat avoidance. Data frequency distributions and inter-variable relationships should be routinely considered in threat avoidance studies, especially if sample variables exhibit non-normal frequency distributions and nonlinear associations.

Gender was significantly associated with threat avoidance motivation and avoidance behavior and exhibited notable associations with antecedents of avoidance motivation. Related insights can inform the design and delivery of training content relating to technology threat avoidance as organizations strive to more effectively leverage information technology end-users as protective assets for the enterprise.

The uniqueness of this study derives from its focus and findings regarding the moderating effects of gender on technology threat avoidance factors and techniques used to measure and evaluate the associations between them.

As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting human-factor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.

A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.

Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.

The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.

This paper demonstrates originality by providing a framework and computational approach for characterising and quantify human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.

The purpose of this paper can be encapsulated in the following points: identify the research papers published on the topic: competencies and skills necessary for critical infrastructure (CI) cyber-security (CS) protection; determine main focus areas within the identified literature and evaluate the dependency or lack thereof between them: make recommendations for future research.

This study is based on a systematic literature review conducted to identify scientific papers discussing and evaluating competencies, skills and essential attributes needed by the CI workforce for CS and preparedness to attacks and incidents.

After a comparative analysis of the articles reviewed in this study, a variety of skills and competencies was found to be necessary for CS assurance in CIs. These skills have been grouped into four categories, namely, technical, managerial, implementation and soft skills. Nonetheless, there is still a lack of agreement on which skills are the most critical and further research should be conducted on the relation between specific soft skills and CS assurance.

Investigation of which skills are required by industry for specific CS roles, by conducting interviews and sending questionnaire\surveys, would allow consolidating whether literature and industry requirements are equivalent.

Findings from this literature review suggest that more effort should be taken to conciliate current CS curricula in academia with the skills and competencies required for CS roles in the industry.

This study provides a previously lacking current mapping and review of literature discussing skills and competencies evidenced as critical for CS assurance for CI. The findings of this research are useful for the development of comprehensive solutions for CS awareness and training.

This paper aims to discuss the experiences designing and conducting an experiential learning virtual incident response tabletop exercise (VIRTTX) to review a business's security posture as it adapts to remote working because of the Coronavirus 2019 (COVID-19). The pandemic forced businesses to move operations from offices to remote working. Given that this happened quickly for many, some firms had little time to factor in appropriate cyber-hygiene and incident prevention measures, thereby exposing themselves to vulnerabilities such as phishing and other scams.

The exercise was designed and facilitated through Microsoft Teams. The approach used included a literature review and an experiential learning method that used scenario-based, active pedagogical strategies such as case studies, simulations, role-playing and discussion-focused techniques to develop and evaluate processes and procedures used in preventing, detecting, mitigating, responding and recovering from cyber incidents.

The exercise highlighted the value of using scenario-based exercises in cyber security training. It elaborated that scenario-based incident response (IR) exercises are beneficial because well-crafted and well-executed exercises raise cyber security awareness among managers and IT professionals. Such activities with integrated operational and decision-making components enable businesses to evaluate IR and disaster recovery (DR) procedures, including communication flows, to improve decision-making at strategic levels and enhance the technical skills of cyber security personnel.

It maintained that the primary implication for practice is that they enhance security awareness through practical experiential, hands-on exercises such as this VIRTTX. These exercises bring together staff from across a business to evaluate existing IR/DR processes to determine if they are fit for purpose, establish existing gaps and identify strategies to prevent future threats, including during challenging circumstances such as the COVID-19 outbreak. Furthermore, the use of TTXs or TTEs for scenario-based incident response exercises was extremely useful for cyber security practice because well-crafted and well-executed exercises have been found to serve as valuable and effective tools for raising cyber security awareness among senior leadership, managers and IT professionals (Ulmanová, 2020).

This paper underlines the importance of practical, scenario-based cyber-IR training and reports on the experience of conducting a virtual IR/DR tabletop exercise within a large organisation.

This chapter critically evaluates opportunities and challenges associated with developing diversity and embracing inclusion of cyber security talent in a multinational consultancy firm and offers recommendations on how to optimize inclusion of young talent in this sensitive business area within a multinational company. Drawing on one of the author's experience as a young cyber security professional with a non-technical background, entering the profession through a consultancy graduate development programme, this paper offers a unique perspective on how to enhance cohesion in diversity across linear and non-linear routes into cyber security.

While the scope is limited to cyber security talent in early careers, the competency-based approach means that recommendations around developing diversity and embracing inclusion can be applied to young talent in other business competence areas. Each recommendation can be used as a building block to influence and shape future equality, diversity and inclusion (ED&I) strategy in consultancy.

The purpose of this research paper is to evaluate and estimate the cybersecurity maturity and awareness risk for workforce management in railway transportation by using Railway-Cybersecurity Capability Maturity Model (R-C2M2) and Information Security Awareness Capability Model (ISACM), respectively.

This research uses a case study strategy, so primary data comprise the majority of data collected. These data were collected through interviews and questionnaires. The secondary data were collected from the literature, technical reports and standards.

The results show that there is a gap in cybersecurity awareness within the workforce and there is a need to improve this gap. This paper provides some of the recommendations and literature to enhance cybersecurity workforce culture within railway organizations.

In this paper, the authors have demonstrated that cybersecurity awareness has positive impact on the overall dependability of the railway system.

This paper describes the importance of cybersecurity awareness and training in building more cyber resiliency across the operation and maintenance of railway.

Aim of the present monograph is the economic analysis of the role of MNEs regarding globalisation and digital economy and in parallel there is a reference and examination of some legal aspects concerning MNEs, cyberspace and e‐commerce as the means of expression of the digital economy. The whole effort of the author is focused on the examination of various aspects of MNEs and their impact upon globalisation and vice versa and how and if we are moving towards a global digital economy.