{"title":"网络安全倡导者:发现一个新兴角色的特征和技能。","authors":"Julie M Haney, Wayne G Lutters","doi":"10.1108/ics-08-2020-0131","DOIUrl":null,"url":null,"abstract":"<p><strong>Purpose: </strong>Cybersecurity advocates safeguard their organizations by promoting security best practices. However, little is known about what constitutes successful advocacy.</p><p><strong>Methodology: </strong>We conducted 28 in-depth interviews of cybersecurity advocates.</p><p><strong>Findings: </strong>Effective advocates not only possess technical acumen, but also interpersonal skills, communication acumen, context awareness, and a customer service orientation.</p><p><strong>Originality: </strong>We are the first to define and enumerate competencies for the role of cybersecurity advocate.</p><p><strong>Implications: </strong>Non-technical skills are deemphasized in cybersecurity training, limiting career progression into the cybersecurity advocate role for existing security professionals and those from other disciplines. We suggest improvements for professional development that encourage greater security workforce diversity.</p>","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":"29 3","pages":""},"PeriodicalIF":1.6000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8628570/pdf/nihms-1753036.pdf","citationCount":"8","resultStr":"{\"title\":\"Cybersecurity Advocates: Discovering the Characteristics and Skills of an Emergent Role.\",\"authors\":\"Julie M Haney, Wayne G Lutters\",\"doi\":\"10.1108/ics-08-2020-0131\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><strong>Purpose: </strong>Cybersecurity advocates safeguard their organizations by promoting security best practices. However, little is known about what constitutes successful advocacy.</p><p><strong>Methodology: </strong>We conducted 28 in-depth interviews of cybersecurity advocates.</p><p><strong>Findings: </strong>Effective advocates not only possess technical acumen, but also interpersonal skills, communication acumen, context awareness, and a customer service orientation.</p><p><strong>Originality: </strong>We are the first to define and enumerate competencies for the role of cybersecurity advocate.</p><p><strong>Implications: </strong>Non-technical skills are deemphasized in cybersecurity training, limiting career progression into the cybersecurity advocate role for existing security professionals and those from other disciplines. We suggest improvements for professional development that encourage greater security workforce diversity.</p>\",\"PeriodicalId\":45298,\"journal\":{\"name\":\"Information and Computer Security\",\"volume\":\"29 3\",\"pages\":\"\"},\"PeriodicalIF\":1.6000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8628570/pdf/nihms-1753036.pdf\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information and Computer Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1108/ics-08-2020-0131\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Computer Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/ics-08-2020-0131","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Cybersecurity Advocates: Discovering the Characteristics and Skills of an Emergent Role.
Purpose: Cybersecurity advocates safeguard their organizations by promoting security best practices. However, little is known about what constitutes successful advocacy.
Methodology: We conducted 28 in-depth interviews of cybersecurity advocates.
Findings: Effective advocates not only possess technical acumen, but also interpersonal skills, communication acumen, context awareness, and a customer service orientation.
Originality: We are the first to define and enumerate competencies for the role of cybersecurity advocate.
Implications: Non-technical skills are deemphasized in cybersecurity training, limiting career progression into the cybersecurity advocate role for existing security professionals and those from other disciplines. We suggest improvements for professional development that encourage greater security workforce diversity.
期刊介绍:
Information and Computer Security (ICS) contributes to the advance of knowledge directly related to the theory and practice of the management and security of information and information systems. It publishes research and case study papers relating to new technologies, methodological developments, empirical studies and practical applications. The journal welcomes papers addressing research and case studies in relation to many aspects of information and computer security. Topics of interest include, but are not limited to, the following: Information security management, standards and policies Security governance and compliance Risk assessment and modelling Security awareness, education and culture User perceptions and understanding of security Misuse and abuse of computer systems User-facing security technologies Internet security and privacy The journal is particularly interested in receiving submissions that consider the business and organisational aspects of security, and welcomes papers from both human and technical perspective on the topic. However, please note we do not look to solicit papers relating to the underlying mechanisms and functions of security methods such as cryptography (although relevant applications of the technology may be considered).