The Cybersecurity Awareness Training Model (CATRAM)

DOI: 10.4018/978-1-7998-4162-3.ch009

Abstract

This chapter presents the outcome of one empirical research study that assesses the implementation and validation of the cybersecurity awareness training model (CATRAM), designed as a multiple-case study in a Canadian higher education institution. Information security awareness programs have been unsuccessful in changing people's attitudes toward recognizing, stopping, or reporting cyberthreats within their corporate environment. Therefore, human errors and actions continue to demonstrate that we as humans are the weakest links in cybersecurity. The chapter studies the most recent cybersecurity awareness programs and their attributes. Furthermore, the authors compiled recent awareness methodologies, frameworks, and approaches. The cybersecurity awareness training model (CATRAM) has been created to deliver training to different corporate audiences, each of these organizational units with its own content and separate objectives. The authors concluded their study by addressing the necessity of future research to target new approaches to keep cybersecurity awareness focused on the ever-changing cyberthreat landscape.
Chapter Preview

Introduction

A satisfactory Cybersecurity Awareness Program must include adequate training that is aligned with the organization’s objectives, a focus on raising cybersecurity awareness while employees perform their duties, and interactive communication between all stakeholders on any cybersecurity matter. Awareness programs may be unsuccessful if they are not designed to change people’s attitudes towards cyber incidents, and likewise if they cannot achieve a positive impact on the organization. A cybersecurity awareness program is a long-term organizational investment that will help to create a cybersecurity culture if training is delivered on a continuous basis. A more energetic vision of the awareness aim is to go beyond the prevention of cybersecurity incidents.

We consider that the Cybersecurity Awareness TRAining Model (CATRAM) can represent a substantial foundation for the implementation of any organizational cybersecurity awareness program. CATRAM can also review any awareness training model that is steady and updated with the current cyberthreat landscape.

Cano (2016) points out that one of the consequences of current information security training methodologies is the “Bottom-up delegation”; this scenario does not allow end users to practice freedom and autonomy when it comes to data protection but instead follow and tolerate certain organizational information security policies.

Background

This chapter looks into an innovative model for creating, developing, planning, delivering and maintaining a Cybersecurity Awareness Training methodology or program that was validated in a Canadian Higher Education organization. The implementations in our target organization were part of a multi-case study research along with the CyberSecurity Audit Model (CSAM), another innovative model to conduct and deliver cybersecurity audits.

The Cybersecurity Awareness TRAining Model (CATRAM) was created distinctively to deliver cybersecurity awareness training to specific groups within any organization. CATRAM was designed to deliver the awareness training for the members of the Board of Directors, Top Executives, Managers, IT (Information Technology) staff and, of course, end-users.

In this particular research scenario, CATRAM was implemented as the foundational model of our target organization. This organization did not have any Information Security policy in place for awareness training and CATRAM was validated to introduce cybersecurity awareness for their employees. These days, CATRAM is being used to develop the future cybersecurity awareness training program of this higher education organization.

Key Terms in this Chapter

Cybersecurity Awareness Education Maturity: Level of experience that an organization has implemented and acquired for cybersecurity training in accordance with the cyberthreat landscape.

Cybersecurity Awareness: Perception of cybersecurity matters to be incorporated at any job function.

Cybersecurity Awareness Training: Cybersecurity areas that will be taught to any stakeholder in order to increase awareness and remediation.
