Title of the article: Developing metrics to assess the effectiveness of cybersecurity awareness program
Link: Developing metrics to assess the effectiveness of cybersecurity awareness program | Journal of Cybersecurity | Oxford Academic
(1) How does the topic relate to the principles of the social sciences?
The topic is focussed on developing metrics in order to assess the effectiveness of cybersecurity awareness programs. Indeed, this is related to the principles of social sciences as cybersecurity awareness programs involve human interactions with technology. It emphasizes the importance of enhancing humans’ roles and responsibilities in securing systems, data and information from cyber threats. As many cyber incidents occur due to human errors, it is crucial to implement effective cybersecurity awareness programs in organizations. This article mainly focussed on creating metrics to evaluate the effectiveness of cybersecurity awareness programs.
(2) The study’s research questions or hypotheses:
The study’s research questions may include how to assess the effectiveness of cybersecurity awareness programs, with a primary focus on developing metrics for this evaluation.
(3) The types of research methods used:
In order to develop metrics that can evaluate the effectiveness of cybersecurity awareness programs, the authors performed a literature review of 32 papers, targeting specific data based on what factors each paper measured and how they were measured. Furthermore, the research adapted the European Literacy Policy Network’s four indicators for awareness evaluation, i.e. impact, sustainability, accessibility, and monitoring.
(4) The types of data and analysis done:
The data was collected from a literature review of 32 papers, emphasizing the specific factor each paper measured in relation to cybersecurity awareness programs and the method used to measure it.
Some of the measured factors include behaviour, attitude, knowledge and competence, interest and reachability, touchability, value added, usability and overall feedback.
Measurement Method: Mainly two methods were used, intrusive and non-intrusive. Intrusive methods include questionnaires, surveys, interviews, group discussions, observations, lab experiments etc. Non-intrusive methods include simulated attack, system data, uninterrupted observation etc.
(5) How concepts discussed in class relate to the article:
During the 3rd week of the class, we explored the human factor in cybersecurity, discussing how breaches are often caused by human errors. We also engaged in exploring strategies to minimize these errors and enhance overall security. One of the strategies that many students pointed out was employee training and awareness programs. Many students, including myself, agreed that it is one of the most effective approaches to reducing human error.
This is directly related to the article, as it focussed on developing metrics to assess the effectiveness of cybersecurity awareness programs. Ineffective cybersecurity awareness programs serve no purpose in securing systems and data. That is why it is crucial to actively assess their effectiveness. After all, the human factor is the weakest link in cybersecurity. Unlike computers, humans can be easily manipulated and are bound to make errors.
(6) How does the topic relate to the challenges, concerns, and contributions of marginalized groups?
Cybersecurity awareness programs might not be available or accessible to everyone. Marginalized groups might find it difficult to learn about cybersecurity principles and basic cybersecurity hygiene. For instance, older people often lack knowledge of technology and therefore become more vulnerable to cyber crimes. Outside the cybersecurity profession, not everyone is aware of cyber threats; however, everyone uses cell phones and the internet these days. Furthermore, in many cases, marginalized groups like the LGBTQ community often get targeted for cyber bullying.
(7) The overall contributions of the studies to society:
Human interaction with technology is inevitable. As much as we need technology to make our lives easier, we also need to maintain it and safeguard it from potential threats. Indeed, the human factor is the weakest link in cybersecurity. That is why it is crucial to train people and make them aware of common security challenges, risks and mitigation methods. These studies can be used to effectively safeguard sensitive information and data against potential threats and vulnerabilities.