Article 2 Review | Brandon J Vuono

Brandon Vuono

CYSE201S

Article 2 Review

Human Behavior and Cybersecurity

Article reviewed: Sunil Chaudhary, Vasileios Gkioulos, Sokratis Katsikas, Developing metrics to assess the effectiveness of cybersecurity awareness program, Journal of Cybersecurity, Volume 8, Issue 1, 2022, tyac006, https://doi.org/10.1093/cybsec/tyac006

This study focuses on how cybersecurity awareness programs are important and how they are evaluated to measure their effectiveness. The article explains that cybersecurity is not about the technology and the equipment itself but how the user interacts with it. “Cybsersecurity is not just about technology, but it also includes the people who interact with technology” (Chaudhary, Gkioulos, Kastsikas, 2022). Many security breaches are due to human errors. These errors are usually due to negligence and lack of awareness. This makes awareness programs important to the industry and anyone who works in cybersecurity.

The article points out that there is no real standard to measure success in the awareness space of cybersecurity. This makes it hard for large corporations and organizations to measure and identify problem areas to bring awareness of the issues that need to be fixed. This can lead to blind training at large, which is monotonous and less effective. The goal of this article was to identify what should be measured and how it should be used to make the awareness programs in cybersecurity programs effective.

This article uses different literature reviews to compare different studies and find patterns on how awareness programs are evaluated. This is most effective over collecting brand new data because past data can show patterns at large and problem areas in the environment. The biggest finding of the article is that knowledge alone is not enough to help the awareness program. The article pushes that “Knowledge, attitude, and behavior” (Chaudhary, Gkioulos, Kastsikas, 2022) are the main parts that are what is needed for awareness. With knowledge, the person has an understanding of how to be safe in cybersecurity space. Without the questioning attitude, that focuses on safety and security problems can arise. Behavior is the answer to the question of developing the metrics needed. This is how humans are studying social sciences. The article mentions that awareness programs should be designed for different audiences. This would depend on the individual’s job and exposure to technology. That would then determine the level of knowledge needed.

Overall, the study contributes to society by helping organizations understand how to evaluate their cybersecurity programs. Especially since the data is hard to categorize and the different audiences, that cybersecurity falls upon. This shows that improving human behavior and attitudes towards cybersecurity and training involved in gaining knowledge will be the answer. This emphasizes how human behavior is just as important as technology in cybersecurity.