Pub Date : 2019-03-01DOI: 10.4018/978-1-5225-7847-5.CH001
S. Furnell, Ismini Vasileiou
This chapter sets the scene for the book as a whole, establishing the need for cybersecurity awareness, training, and education in order to enable us to understand and meet our security obligations. It begins by illustrating key elements that ought to form part of cybersecurity literacy and the questions to be asked when addressing the issue. It then examines the problems that have traditionally existed in terms of achieving awareness and education, both at the user level (in terms of lack of support) and the practitioner level (in terms of a skills shortage). The discussion highlights the importance of a holistic approach, covering both personal and workplace use, and addressing the spectrum from end-users through to cybersecurity specialists.
{"title":"A Holistic View of Cybersecurity Education Requirements","authors":"S. Furnell, Ismini Vasileiou","doi":"10.4018/978-1-5225-7847-5.CH001","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH001","url":null,"abstract":"This chapter sets the scene for the book as a whole, establishing the need for cybersecurity awareness, training, and education in order to enable us to understand and meet our security obligations. It begins by illustrating key elements that ought to form part of cybersecurity literacy and the questions to be asked when addressing the issue. It then examines the problems that have traditionally existed in terms of achieving awareness and education, both at the user level (in terms of lack of support) and the practitioner level (in terms of a skills shortage). The discussion highlights the importance of a holistic approach, covering both personal and workplace use, and addressing the spectrum from end-users through to cybersecurity specialists.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115358064","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-7847-5.CH011
Peter Fischer
This chapter traces the evolution of cybersecurity skills requirements and development over the past 40 years, from the early days of computer security (Compusec) to the present day. The development of cybersecurity skills is traced from an initial focus upon national security and confidentiality through to the current recognition as business driver. The main part of the chapter concentrates on the development of a specific skills framework from the Institute of Information Security Professionals. Originally conceived in 2006 and initially used for purposes of membership accreditation, the IISP Skills Framework has since been used extensively by commerce, industry, government and academia in the UK and more widely. Version 2 of the framework was published in 2016, and the chapter discussion outlines both the original structure and the notable changes in the later release. These developments collectively illustrate the ongoing recognition of cybersecurity skills, as well as the evolution of the skills themselves.
{"title":"A Cybersecurity Skills Framework","authors":"Peter Fischer","doi":"10.4018/978-1-5225-7847-5.CH011","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH011","url":null,"abstract":"This chapter traces the evolution of cybersecurity skills requirements and development over the past 40 years, from the early days of computer security (Compusec) to the present day. The development of cybersecurity skills is traced from an initial focus upon national security and confidentiality through to the current recognition as business driver. The main part of the chapter concentrates on the development of a specific skills framework from the Institute of Information Security Professionals. Originally conceived in 2006 and initially used for purposes of membership accreditation, the IISP Skills Framework has since been used extensively by commerce, industry, government and academia in the UK and more widely. Version 2 of the framework was published in 2016, and the chapter discussion outlines both the original structure and the notable changes in the later release. These developments collectively illustrate the ongoing recognition of cybersecurity skills, as well as the evolution of the skills themselves.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"10852 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123826788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-7847-5.CH007
G. Dhillon, Kane J. Smith, Karin Hedström
Within an organization, it is critical that all employees possess a security awareness and thus play a part in the protection of said organization's information assets. Some employees will have key roles and responsibilities and require specific skills to support them. However, organizations can face challenges in regard to recognizing the required specialized skills as well as where to obtain them. For this reason, whether an organization chooses to hire new staff, developing existing staff, or outsource the activities altogether, it is necessary to know the type and level of expertise required. To this end, this chapter discusses the need for organizations to understand and identify the essential skills related to cybersecurity in order for their employees to develop core competencies in these areas.
{"title":"Ensuring Core Competencies for Cybersecurity Specialists","authors":"G. Dhillon, Kane J. Smith, Karin Hedström","doi":"10.4018/978-1-5225-7847-5.CH007","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH007","url":null,"abstract":"Within an organization, it is critical that all employees possess a security awareness and thus play a part in the protection of said organization's information assets. Some employees will have key roles and responsibilities and require specific skills to support them. However, organizations can face challenges in regard to recognizing the required specialized skills as well as where to obtain them. For this reason, whether an organization chooses to hire new staff, developing existing staff, or outsource the activities altogether, it is necessary to know the type and level of expertise required. To this end, this chapter discusses the need for organizations to understand and identify the essential skills related to cybersecurity in order for their employees to develop core competencies in these areas.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"92 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122444187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-7847-5.CH012
A. Davis
The chapter looks at the burgeoning field of certification for individuals in the field of information security or cybersecurity. Individual information security certifications cover a wide range of topics from the deeply technical to the managerial. These certifications are used as a visible indication of an individual's status and knowledge, used to define experience and status, used in job descriptions and screening, and may define expectations placed on the individual. This chapter examines how these certifications are produced, the subjects they cover, and how they integrate and the various audiences to which the certifications are aimed. The role, the perceived and real value, and benefits of certification within the field of information security both from an individual and an organizational perspective are discussed. Finally, some conclusions on certification are presented.
{"title":"The Role of Cybersecurity Certifications","authors":"A. Davis","doi":"10.4018/978-1-5225-7847-5.CH012","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH012","url":null,"abstract":"The chapter looks at the burgeoning field of certification for individuals in the field of information security or cybersecurity. Individual information security certifications cover a wide range of topics from the deeply technical to the managerial. These certifications are used as a visible indication of an individual's status and knowledge, used to define experience and status, used in job descriptions and screening, and may define expectations placed on the individual. This chapter examines how these certifications are produced, the subjects they cover, and how they integrate and the various audiences to which the certifications are aimed. The role, the perceived and real value, and benefits of certification within the field of information security both from an individual and an organizational perspective are discussed. Finally, some conclusions on certification are presented.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123805938","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-7847-5.CH003
S. Smyth, K. Curran, Nigel McKelvey
Insider threats present a major concern for organizations worldwide. As organizations need to provide employees with authority to access data to enable them to complete their daily tasks, they leave themselves open to insider attacks. This chapter looks at those who fall into the category which can be referred to as insiders and highlights the activity of outsourcing which is employed by many organizations and defines the term insider threat while pointing out what differentiates an accidental threat from a malicious threat. The discussion also considers various methods of dealing with insider threats before highlighting the role education and awareness plays in the process, the importance of tailoring awareness programs, and what the future holds for insider threats within organizations.
{"title":"The Role of Education and Awareness in Tackling Insider Threats","authors":"S. Smyth, K. Curran, Nigel McKelvey","doi":"10.4018/978-1-5225-7847-5.CH003","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH003","url":null,"abstract":"Insider threats present a major concern for organizations worldwide. As organizations need to provide employees with authority to access data to enable them to complete their daily tasks, they leave themselves open to insider attacks. This chapter looks at those who fall into the category which can be referred to as insiders and highlights the activity of outsourcing which is employed by many organizations and defines the term insider threat while pointing out what differentiates an accidental threat from a malicious threat. The discussion also considers various methods of dealing with insider threats before highlighting the role education and awareness plays in the process, the importance of tailoring awareness programs, and what the future holds for insider threats within organizations.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127943427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-7847-5.CH002
Joshua Crumbaugh
Human error is the cause of over 95% of data breaches and the weakest aspect of cybersecurity in nearly all organizations. These errors guarantee that hackers can easily gain access to almost any network in the world and take complete control of systems, data, and more. This chapter outlines the top mistakes organizations make in security awareness and why most companies are failing to properly prepare their users for cyber-attacks. Each point is accompanied by actionable data derived from real-world training program successes and failures.
{"title":"Common Mistakes in Delivering Cybersecurity Awareness","authors":"Joshua Crumbaugh","doi":"10.4018/978-1-5225-7847-5.CH002","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH002","url":null,"abstract":"Human error is the cause of over 95% of data breaches and the weakest aspect of cybersecurity in nearly all organizations. These errors guarantee that hackers can easily gain access to almost any network in the world and take complete control of systems, data, and more. This chapter outlines the top mistakes organizations make in security awareness and why most companies are failing to properly prepare their users for cyber-attacks. Each point is accompanied by actionable data derived from real-world training program successes and failures.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"156 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114282114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-7847-5.CH010
T. Tokola, Thomas Schaberreiter, G. Quirchmayr, Ludwig Englbrecht, G. Pernul, S. Katsikas, B. Preneel, Q. Tang
This chapter presents an implementation of a cybersecurity education program. The program aims to address some issues identified in current cybersecurity teaching in higher education on a European level, like the fragmentation of cybersecurity expertise or resource shortage, resulting in few higher education institutions to offer full degree programs. As a result of the Erasmus+ strategic partnership project SecTech, the program tries to overcome those issues by introducing collaborative development to cybersecurity education. SecTech lays the foundations for a collaborative education program, like the definition of a clear content, module and delivery structure, and the appropriate tool support to facilitate collaboration and content reuse. Additional effort is required to achieve long-term success, including the creation of a community that drives the content creation and maintenance, as well as an independent governance structure to steer the project in the long-term. While the project focuses on European collaboration, a global community is envisioned.
{"title":"A Collaborative Cybersecurity Education Program","authors":"T. Tokola, Thomas Schaberreiter, G. Quirchmayr, Ludwig Englbrecht, G. Pernul, S. Katsikas, B. Preneel, Q. Tang","doi":"10.4018/978-1-5225-7847-5.CH010","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH010","url":null,"abstract":"This chapter presents an implementation of a cybersecurity education program. The program aims to address some issues identified in current cybersecurity teaching in higher education on a European level, like the fragmentation of cybersecurity expertise or resource shortage, resulting in few higher education institutions to offer full degree programs. As a result of the Erasmus+ strategic partnership project SecTech, the program tries to overcome those issues by introducing collaborative development to cybersecurity education. SecTech lays the foundations for a collaborative education program, like the definition of a clear content, module and delivery structure, and the appropriate tool support to facilitate collaboration and content reuse. Additional effort is required to achieve long-term success, including the creation of a community that drives the content creation and maintenance, as well as an independent governance structure to steer the project in the long-term. While the project focuses on European collaboration, a global community is envisioned.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"68 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121155931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-7847-5.CH006
M. Oldham, Abigail McAlpine
If the material is to be delivered effectively, organizations need to understand the human side of cyber security training. In this chapter, the authors draw upon over a decade of experience in creating and adapting training and resources with the help of industry professionals and feedback from clients, which has led to a successful and highly acclaimed approach to cybersecurity education. The resulting discussion considers how to adopt the right approach to cybersecurity training for organizations, with training modules that cater to end users, and which are designed to ensure maximum retention of information by presenting short, humorous, animated scenarios that are relatable for the target audience.
{"title":"Techniques and Tools for Trainers and Practitioners","authors":"M. Oldham, Abigail McAlpine","doi":"10.4018/978-1-5225-7847-5.CH006","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH006","url":null,"abstract":"If the material is to be delivered effectively, organizations need to understand the human side of cyber security training. In this chapter, the authors draw upon over a decade of experience in creating and adapting training and resources with the help of industry professionals and feedback from clients, which has led to a successful and highly acclaimed approach to cybersecurity education. The resulting discussion considers how to adopt the right approach to cybersecurity training for organizations, with training modules that cater to end users, and which are designed to ensure maximum retention of information by presenting short, humorous, animated scenarios that are relatable for the target audience.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129813412","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.4018/978-1-5225-7847-5.CH008
Alastair Irons
This chapter draws on current research and best practice into teaching in cybersecurity in higher education. The chapter provides a theoretical and pedagogical foundation for helping tutors make decisions about what topics to include and approaches to teaching and assessing the cybersecurity curriculum. There are of course a range of potential stakeholders in cybersecurity education ranging from government, policy, and law makers to all members of society. However, for the purposes of brevity, this chapter will focus on learners and those creating and delivering cybersecurity education in the higher education (HE) sector.
{"title":"Delivering Cybersecurity Education Effectively","authors":"Alastair Irons","doi":"10.4018/978-1-5225-7847-5.CH008","DOIUrl":"https://doi.org/10.4018/978-1-5225-7847-5.CH008","url":null,"abstract":"This chapter draws on current research and best practice into teaching in cybersecurity in higher education. The chapter provides a theoretical and pedagogical foundation for helping tutors make decisions about what topics to include and approaches to teaching and assessing the cybersecurity curriculum. There are of course a range of potential stakeholders in cybersecurity education ranging from government, policy, and law makers to all members of society. However, for the purposes of brevity, this chapter will focus on learners and those creating and delivering cybersecurity education in the higher education (HE) sector.","PeriodicalId":336347,"journal":{"name":"Cybersecurity Education for Awareness and Compliance","volume":"116 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133291311","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: