Abstract
Purpose
Users’ mistakes due to poor cybersecurity skills result in up to 95 per cent of cyber threats to organizations. Threats to organizational information systems continue to result in substantial financial and intellectual property losses. This paper aims to design, develop and empirically test a set of scenarios-based hands-on tasks to measure the cybersecurity skills of non-information technology (IT) professionals.
Design/methodology/approach
This study was classified as developmental in nature and used a sequential qualitative and quantitative method to validate the reliability of the Cybersecurity Skills Index (CSI) as a prototype-benchmarking tool. Next, the prototype was used to empirically test the demonstrated observable hands-on skills level of 173 non-IT professionals.
Findings
The importance of skills and hands-on assessment appears applicable to cybersecurity skills of non-IT professionals. Therefore, by using an expert-validated set of cybersecurity skills and scenario-driven tasks, this study established and validated a set of hands-on tasks that measure observable cybersecurity skills of non-IT professionals without bias or the high-stakes risk to IT.
Research limitations/implications
Data collection was limited to the southeastern USA and while the sample size of 173 non-IT professionals is valid, further studies are required to increase validation of the results and generalizability.
Originality/value
The validated and reliable CSI operationalized as a tool that measures the cybersecurity skills of non-IT professionals. This benchmarking tool could assist organizations with mitigating threats due to vulnerabilities and breaches caused by employees due to poor cybersecurity skills.
Users’ mistakes due to poor cybersecurity skills result in up to 95 per cent of cyber threats to organizations. Threats to organizational information systems continue to result in substantial financial and intellectual property losses. This paper aims to design, develop and empirically test a set of scenarios-based hands-on tasks to measure the cybersecurity skills of non-information technology (IT) professionals.
Design/methodology/approach
This study was classified as developmental in nature and used a sequential qualitative and quantitative method to validate the reliability of the Cybersecurity Skills Index (CSI) as a prototype-benchmarking tool. Next, the prototype was used to empirically test the demonstrated observable hands-on skills level of 173 non-IT professionals.
Findings
The importance of skills and hands-on assessment appears applicable to cybersecurity skills of non-IT professionals. Therefore, by using an expert-validated set of cybersecurity skills and scenario-driven tasks, this study established and validated a set of hands-on tasks that measure observable cybersecurity skills of non-IT professionals without bias or the high-stakes risk to IT.
Research limitations/implications
Data collection was limited to the southeastern USA and while the sample size of 173 non-IT professionals is valid, further studies are required to increase validation of the results and generalizability.
Originality/value
The validated and reliable CSI operationalized as a tool that measures the cybersecurity skills of non-IT professionals. This benchmarking tool could assist organizations with mitigating threats due to vulnerabilities and breaches caused by employees due to poor cybersecurity skills.
| Original language | English |
|---|---|
| Article number | 1 |
| Pages (from-to) | 101-121 |
| Number of pages | 21 |
| Journal | Information and Computer Security |
| Volume | 27 |
| Issue number | 1 |
| DOIs | |
| State | Published - Feb 11 2019 |
Keywords
- cyber threat mitigation
- cybersecurity assessment of non-IT professionals
- cybersecurity skills index
Disciplines
- Computer Engineering