The Cybersecurity Awareness INventory (CAIN): Early Phases of Development of a Tool for Assessing Cybersecurity Knowledge Based on the ISO/IEC 27032-Reference-Cited by-同舟云学术

The Cybersecurity Awareness INventory (CAIN): Early Phases of Development of a Tool for Assessing Cybersecurity Knowledge Based on the ISO/IEC 27032

Published:2023-02-16 Issue:1 Volume:3 Page:61-75
ISSN:2624-800X
Container-title:Journal of Cybersecurity and Privacy
language:en
Short-container-title:JCP

Author:

Tempestini Giorgia¹,Rovira Ericka²,Pyke Aryn²,Di Nocera Francesco¹^ORCID

Affiliation:

1. Department of Planning, Design, and Technology of Architecture, Sapienza University of Rome, 00196 Rome, Italy

2. Department of Behavioral Sciences and Leadership, U.S. Military Academy, West Point, NY 10996, USA

Abstract

Knowledge of possible cyber threats as well as awareness of appropriate security measures plays a crucial role in the ability of individuals to not only discriminate between an innocuous versus a dangerous cyber event, but more importantly to initiate appropriate cybersecurity behaviors. The purpose of this study was to construct a Cybersecurity Awareness INventory (CAIN) to be used as an instrument to assess users’ cybersecurity knowledge by providing a proficiency score that could be correlated with cyber security behaviors. A scale consisting of 46 items was derived from ISO/IEC 27032. The questionnaire was administered to a sample of college students (N = 277). Based on cybersecurity behaviors reported to the research team by the college’s IT department, each participant was divided into three groups according to the risk reports they received in the past nine months (no risk, low risk, and medium risk). The ANOVA results showed a statistically significant difference in CAIN scores between those in the no risk and medium-risk groups; as expected, CAIN scores were lower in the medium-risk group. The CAIN has the potential to be a useful assessment tool for cyber training programs as well as future studies investigating individuals’ vulnerability to cyberthreats.

Publisher

MDPI AG

Subject

General Medicine

Link

https://www.mdpi.com/2624-800X/3/1/5/pdf

Reference23 articles.

1. Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic;Lallie;Comput. Secur.,2021

2. World Economic Forum (2022, July 01). COVID-19 Risks Outlook: A Preliminary Mapping and its Implications. Available online: https://www.weforum.org/reports/covid-19-risks-outlook-a-preliminary-mapping-and-itsimplications.

3. Taking risks with cybersecurity: Using knowledge and personal characteristics to predict self-reported cybersecurity behaviors;Kennison;Front. Psychol.,2020

4. (2022, July 01). IBM Security Services 2014 Cyber Security Intelligence Index. Available online: https://media.scmagazine.com/documents/82/ibm_cyber_security_intelligenc_20450.pdf.

5. Overview of the Impact of Human Error on Cybersecurity based on ISO/IEC 27001 Information Security Management;J. Inf. Secur. Cybercrimes Res.,2021

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Reliability and validity of the Cybersecurity Awareness INventory (CAIN);Behaviour & Information Technology;2024-05-20

2. Mitigating the Impact of Work Overload on Cybersecurity Behavior: The Moderating Influence of Corporate Ethics—A Mediated Moderation Analysis;Sustainability;2023-09-28

3. Cybersecurity Insights Gleaned from World Religions;Computers & Security;2023-09