Expert assessment of the top platform independent cybersecurity skills for non-IT professionals

Melissa Carlton and Yair Levy. SoutheastCon 2015.
Cybersecurity threats are causing substantial financial losses for individuals, organizations, and governments. Information technology (IT) users' mistakes, due to poor cybersecurity skills, represent about 72% to 95% of cybersecurity threats to organizations. As opposed to IT professionals, computer end-users are one of the weakest links in the cybersecurity chain, due to their limited cybersecurity skills. Skills are defined as the combination of knowledge, experience, and ability to do… 

Mitigating cyber attacks through the measurement of non-IT professionals' cybersecurity skills
A set of scenarios-based hands-on tasks to measure the cybersecurity skills of non-information technology (IT) professionals without bias or the high-stakes risk to IT is designed and validated.
Cybersecurity skills: Foundational theory and the cornerstone of advanced persistent threats (APTs) mitigation
Cyber threats have been growing with social engineering and business e-mail compromise reported as the two most rising penetration vectors. Advanced Persistent Threats (APTs) are penetration
Expert assessment of organizational cybersecurity programs and development of vignettes to measure cybersecurity countermeasures awareness
As organizational reliance on technology increases, cybersecurity attacks become more attractive to attackers and increasingly devastating to organizations. Due to lacking knowledge and skills,
Validation of a vignettes-based, hands-on cybersecurity threats situational assessment tool
Advanced Persistent Threats (APTs) have been growing with social engineering and corporate e-mail compromise reported as the two most penetration vectors to organizational networks. Historically,
Cybersecurity Training and the End-User: Pathways to Compliance
In order to effectively combat cybersecurity threats at home and in organizations, it is imperative to achieve higher end-user cybersecurity compliance. Cybersecurity training is generally accepted
Cybersecurity Awareness and Skills of Senior Citizens: A Motivation Perspective
The results indicated that the cybersecurity awareness training was effective in increasing the cybersecurity skill level of the senior citizens and empowered them with small but significant improvements in the requisite skills to take mitigating actions against cyberattacks.
Cybersecurity Skills in EU: New Educational Concept for Closing the Missing Workforce Gap
Recruiting, retaining and maintaining a validated number of cybersecurity professionals in the workplace is a constant battle, not only for the technical side of cybersecurity, but also for the
Changing the landscape of cybersecurity education in the EU: Will the new approach produce the required cybersecurity skills?
B. Blažič. Political Science. Education and Information Technologies, 2021.
Recruiting, retaining, and maintaining sufficient numbers of cybersecurity professionals in the workplace is a constant battle, not only for the technical side of cybersecurity, but also for the
Introducing the Cybersurvival Task: Assessing and Addressing Staff Beliefs about Effective Cyber Protection
It is shown how the Cybersurvival Task could be used to detect ‘shadow security’ cultures within an organisation and how a group discussion about the importance of different cyber behaviours led to the weakening of staff’s cybersecurity positions.


The role of user computer self-efficacy, cybersecurity countermeasures awareness, and cybersecurity skills influence on computer misuse
This study examined the effect of user computer self-efficacy (CSE), cybersecurity countermeasures awareness (CCA), and cybersecurity skills (CS) on users’ computer misuse intention (CMI) at a government agency and showed that the factor of users' awareness of computer monitoring and cybersecurity initiative skill were significant contributors to CMI.
A Role-Based Model for Federal Information Technology/Cybersecurity Training (3rd Draft)
Meeting security responsibilities and providing for the confidentiality, integrity, and availability of information in today's highly networked environment can be a difficult task. Each individual
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach
An extended deterrence theory model is presented that combines work from criminology, social psychology, and information systems and suggests that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention.
Securing E-Learning Systems: A Case of Insider Cyber Attacks and Novice IT Management in a Small University
This case reveals that internal cyber attack as well as lack of proper IT policies and procedures all resulted in multiple instances of damage to the e-learning system of the university in this case study.
Information Security Technology? Don't Rely on It. A Case Study in Social Engineering
A Social Engineering attack performed against a company with their permission yielded sensitive company information and numerous user passwords, giving the attackers the ability to cripple the company despite extremely good technical information security measures.
The Dangerous Policy of Weakening Security to Facilitate Surveillance
Some nations may consider policies that are intended to facilitate legal surveillance for law enforcement or intelligence purposes by weakening the cybersecurity of commercially available products
Identifying Software Project Risks: An International Delphi Study
A rigorous data collection method called a "ranking-type" Delphi survey is deployed to produce a rank-order list of risk factors, which is compared with other published risk factor lists for completeness and variation.
The Art of Deception: Controlling the Human Element of Security
From the Publisher: Kevin Mitnick's exploits as a cyber-desperado and fugitive from one of the most exhaustive FBI manhunts in history have spawned dozens of articles, books, films, and
Social Engineering in Social Networking sites: How Good becomes evil
The different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, and reasons why people fell (or did not fall) for these attacks are demonstrated, based on users’ opinions.
Toward a Theory of Information Technology Professional Competence
The theory should help to better understand gaps between IT academic programs, employers' needs, and IT students' perceptions and make a contribution on several dimensions: methodological, theoretical, managerial, and academic.