An Adaptive Cybersecurity Training Framework for the Education of Social Media Users at Work
-
Published:2023-08-24
Issue:17
Volume:13
Page:9595
-
ISSN:2076-3417
-
Container-title:Applied Sciences
-
language:en
-
Short-container-title:Applied Sciences
Author:
Ben Salamah Fai1, Palomino Marco A.1ORCID, Craven Matthew J.1ORCID, Papadaki Maria2, Furnell Steven3
Affiliation:
1. School of Engineering, Computing and Mathematics, University of Plymouth, Plymouth PL4 8AA, UK 2. School of Computing and Engineering, University of Derby, Derby DE22 1GB, UK 3. School of Computer Science, University of Nottingham, Nottingham NG8 1BB, UK
Abstract
Formalizing the approach towards risk management on social media is critical for organizations. Regrettably, a review of the state-of-the-art on cybersecurity training highlighted that the existing frameworks are either too generic or too cumbersome to be adapted to different organizations and needs. Thus, we developed the Adaptive Cybersecurity Training Framework for Social Media Risks (ACSTF-SMR), a framework that incorporates social media cybersecurity policies and best practices. The ACSTF-SMR enables organizations, trainers, and policymakers to address the challenges posed by social media in a way that satisfies employees’ training needs and adjusts to their preferences. We tested the ACSTF-SMR with 38 case studies. Employees’ behaviors, learning, and responses after training were assessed, and feedback was gathered to improve the framework. Interviews with policymakers were held to gain insight into the enforcement of social media policies. We conclude that the ACSTF-SMR is a reliable option to mitigate social media threats within organizations.
Subject
Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science
Reference62 articles.
1. Aldawood, H., and Skinner, G. (2019). Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and 326 Ongoing Issues. Future Internet, 11. 2. European Network and Information Security Agency (ENISA) (2023, August 21). Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity. Available online: https://www.enisa.europa.eu/publications/cybersecurity-culture-guidelines-behavioural-aspects-of-cybersecurity. 3. Haeussinger, F., and Kranz, J. (2017). Antecedents of Employees’ Information Security Awareness-Review, Synthesis, and Directions for Future Research, Association for Information Systems AIS Electronic Library. 4. Tsokkis, P., and Stavrou, E. (2018, January 19–21). A password generator tool to increase users’ awareness on bad password construction strategies. Proceedings of the 2018 International Symposium on Networks, Computers and Communications (ISNCC), Rome, Italy. 5. Jamil, A., Asif, K., Ghulam, Z., Nazir, M.K., Alam, S.M., and Ashraf, R. (2018, January 10–13). MPMPA: A mitigation and prevention model for social engineering-based phishing attacks on Facebook. Proceedings of the 2018 IEEE International Conference on Big Data (Big Data), Seattle, WA, USA.
|
|