In the Journal of Cybersecurity, the article titled Developing metrics to assess the effectiveness of a cybersecurity awareness program touches on several factors that make this an educational and informative think-piece. This article explains Cybersecurity Awareness or (CSA), defines the right metrics for the evaluation of a CSA program, and the studies conducted on several groups with results included.

The principles of social science that are prevalent in this article are Relativism, Objectivity and Parsimony. Relativism can be found in the context of the reading by means of the relationship between the cause and effect of how the metrics were measured. Specific information was needed, so the researches refined their search in order to collect an appropriate amount of data, via 32 papers consisting of 19 journal papers 12 conference and workshop papers and a NIST Technical Series publication.  Objectivity was the basis of why the information was collected in the first place. This was information that was needed for an objective point of view specifically for knowledges sake.  Parsimony in this article can be described by the simplicity of the information acquired. When collecting data, the researches wanted simple information: improvement of cybersecurity behavior, changes in the cybersecurity attitude from the audience, knowledge and competence gained by participating in the CSA program and interest in a cybersecurity program.

               The article in question has a clear goal in attempting to answer the questions of “What is needed for an effective CSA program?”. Other questions include “What factors have to be measured?” and “What measuring methods could be used for accurate results?” The hypothesis can be concluded that lack of knowledge of cybersecurity if would be due to a lack of a well-developed CSA program.  The researchers understood this and made sure that all the information collected was relevant enough to provide accurate data for the appropriate results.

The methods used to conduct their research included some of the following: Surveys-Questionnaire-based survey on technical and security policy issues. Awareness/Security Day- Direct communication with employees to get their feedback, Independent Observation-Silent observation of employees’ security behaviors, Audit Department Reports- Security awareness related incidents identified by audits should decline and Awareness Sessions (Workshops)- Post session feedback from employees. The results from these methods included Developed a positive attitude toward cybersecurity, intended change in cybersecurity attitude and normative belief and subjective norms toward cybersecurity.

This article relates to a few concepts from class by means of referring different methods of collecting data. Data was collected via surveys, field research and experiments. This article also describes in detail how the data collected would be beneficial. The more individuals that are more aware of cybersecurity policy and procedures, the safer they will be.  In this case, the marginalized groups would be those who are unaware of how to properly protect themselves from cyber threats. The CSA program would be a tool that they could use to better themselves.

Finally, the article states that the CSA program can be used at different personnel levels. Individuals could use this program on their own which would in turn be useful in a departmental or business level. Individuals could keep their information safe and secure due to what was learned in the CSA program. Businesses could use this program to teach their employees how to be aware and therefore benefit the organization by keeping important information safe from cyberattacks.

Sunil Chaudhary, Vasileios Gkioulos, Sokratis Katsikas, 23 May, 2022, Developing metrics to asses the effectiveness of a cybersecurity awareness program, Accessed 10/1/2023, <https://academic.oup.com/cybersecurity/article/8/1/tyac006/6590603?searchresult=1>