TY - GEN
T1 - Expert assessment of the top platform independent cybersecurity skills for non-IT professionals
AU - Carlton, Melissa
AU - Levy, Yair
PY - 2015/4
Y1 - 2015/4
N2 - Cybersecurity threats are causing substantial financial losses for individuals, organizations, and governments. Information technology (IT) users' mistakes, due to poor cybersecurity skills, represent about 72% to 95% of cybersecurity threats to organizations. As opposed to IT professionals, computer end-users are one of the weakest links in the cybersecurity chain, due to their limited cybersecurity skills. Skills are defined as the combination of knowledge, experience, and ability to do something well. Cybersecurity skills are the skills one possess to prevent damage to IT via the Internet. However, the current measures of end-user cybersecurity skills are based on self-reported surveys. This study is the first phase of a larger research project that is aimed to develop a scenario-based iPad application to measure cybersecurity skills based on actual scenarios with hands-on tasks that the participants complete in demonstrating their skills. To design a measure that has both high validity and reliability, the first phase of the study was set forth to follow the Delphi method in seeking subject matter experts' opinion on the top platform independent cybersecurity skills for non-IT professionals. A total of 18 experts from the Florida chapter of the InfraGard, a public-private partnership between the United States Federal Bureau of Investigation (FBI)'s cyber division and private sector that focus on cybersecurity, along with subject matter experts from other federal agencies such as the United States Secret Services' (USSS) Electronic Crimes Task Force team and industry, took part in our Delphi expert panel process. The exploratory expert panel data was recorded and categorized into similar groups of comments for improvements, along with quantitative rankings. Comments were then solicited again for expert consensus, to derive the rankings of the top nine platform independent cybersecurity skills. The paper ends with some discussion on the next phase of this ongoing research along with some initial implications of the findings to practice and research.
AB - Cybersecurity threats are causing substantial financial losses for individuals, organizations, and governments. Information technology (IT) users' mistakes, due to poor cybersecurity skills, represent about 72% to 95% of cybersecurity threats to organizations. As opposed to IT professionals, computer end-users are one of the weakest links in the cybersecurity chain, due to their limited cybersecurity skills. Skills are defined as the combination of knowledge, experience, and ability to do something well. Cybersecurity skills are the skills one possess to prevent damage to IT via the Internet. However, the current measures of end-user cybersecurity skills are based on self-reported surveys. This study is the first phase of a larger research project that is aimed to develop a scenario-based iPad application to measure cybersecurity skills based on actual scenarios with hands-on tasks that the participants complete in demonstrating their skills. To design a measure that has both high validity and reliability, the first phase of the study was set forth to follow the Delphi method in seeking subject matter experts' opinion on the top platform independent cybersecurity skills for non-IT professionals. A total of 18 experts from the Florida chapter of the InfraGard, a public-private partnership between the United States Federal Bureau of Investigation (FBI)'s cyber division and private sector that focus on cybersecurity, along with subject matter experts from other federal agencies such as the United States Secret Services' (USSS) Electronic Crimes Task Force team and industry, took part in our Delphi expert panel process. The exploratory expert panel data was recorded and categorized into similar groups of comments for improvements, along with quantitative rankings. Comments were then solicited again for expert consensus, to derive the rankings of the top nine platform independent cybersecurity skills. The paper ends with some discussion on the next phase of this ongoing research along with some initial implications of the findings to practice and research.
KW - cybersecurity
KW - cybersecurity skills
KW - risk mitigation tool
KW - information security skills of non-IT professional
KW - Infra-Gard-United States Federal Bureau of Investigation expert panel
U2 - 10.1109/secon.2015.7132932
DO - 10.1109/secon.2015.7132932
M3 - Conference contribution
SN - 9781467373005
T3 - SoutheastCon 2015
SP - 1
EP - 6
BT - SoutheastCon 2015
PB - IEEE
T2 - IEEE SoutheastCon 2015
Y2 - 9 April 2015 through 12 April 2015
ER -