Hidden in Onboarding: Cyber Hygiene Training and Assessment

  • Conference paper
HCI for Cybersecurity, Privacy and Trust (HCII 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14728))

Abstract

End-users are our first line of defense against cyber-attacks. The U.S. government has endorsed training videos that teach cyber hygiene best practices, aiming to harden our defenses. In this pilot study, we explored the effectiveness of those security training videos under the cover of an employee onboarding scenario and general computer competency questions. Masking the cybersecurity focus of this study was critical to prevent unnatural heightened vigilance. For example, increased awareness of cybersecurity threats can artificially increase sensitivity to phishing emails or the ability to identify malicious links. Participants’ cyber hygiene knowledge was assessed by pre- and post-tests after receiving the training. In addition, we measured behavioral onboarding task performance based on the training learning objectives. Our findings showed a lack of improvement in quiz knowledge and onboarding security activities after exposure to the training. We echo others in the literature by claiming the need for a paradigm shift in how traditional cybersecurity training is taught and how success is measured.

Corresponding author

Correspondence to Alex Katsarakes.

Ethics declarations

The authors have no competing interests to declare that are relevant to the content of this article.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Katsarakes, A., Morris, T., Still, J.D. (2024). Hidden in Onboarding: Cyber Hygiene Training and Assessment. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2024. Lecture Notes in Computer Science, vol 14728. Springer, Cham. https://doi.org/10.1007/978-3-031-61379-1_4

  • DOI: https://doi.org/10.1007/978-3-031-61379-1_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-61378-4

  • Online ISBN: 978-3-031-61379-1

  • eBook Packages: Computer Science, Computer Science (R0)