skip to main content

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 11:00 PM ET on Friday, December 13 until 2:00 AM ET on Saturday, December 14 due to maintenance. We apologize for the inconvenience.


Title: Reconceptualizing cybersecurity awareness capability in the data-driven digital economy
Abstract Data breaches have become a formidable challenge for business operations in the twenty-first century. The emergence of big data in the ever-growing digital economy has created the necessity to secure critical organizational information. The lack of cybersecurity awareness exposes organizations to potential cyber threats. Thus, this research aims to identify the various dimensions of cybersecurity awareness capabilities. Drawing on the dynamic capabilities framework, the findings of the study show personnel (knowledge, attitude and learning), management (training, culture and strategic orientation) and infrastructure capabilities (technology and data governance) as thematic dimensions to tackle cybersecurity awareness challenges.  more » « less
Award ID(s):
1828010
PAR ID:
10432716
Author(s) / Creator(s):
; ; ; ; ;
Date Published:
Journal Name:
Annals of Operations Research
ISSN:
0254-5330
Page Range / eLocation ID:
1-26
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today’s networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization. 
    more » « less
  2. In college cybersecurity education, problem-based learning has been introduced to promote student agency in solving a complex problem. However, a dilemma of balancing the student agency persist and previous research has focused on students’ cognitive, metacognitive, and regulatory to enhance the efficacy of PBL. Given the importance of students’ self-awareness of their agency, this study suggests a concept of meta-agency as an essential learner characteristic that influences the effectiveness of student agency in PBL. Four dimensions of meta-agency, perceptions of productive struggle, expectation alignment between instructor and students, strategies for regulating agency, and familiarity with PBL tasks, were qualitatively explored with student interview data. Features of meta-agency and how students’ meta-agency level develop through cybersecurity PBL sessions were further investigated. 
    more » « less
  3. This article examines the integration of cybersecurity into the sociology curriculum at a HBCU. The article is based on two of the twenty-six modules that were created and taught in a three-year project. The research questions are: • Is there increased cybersecurity awareness after the infusion of the Password and Phishing Modules? • Is there a relationship between the use of experiential pedagogy and learning outcomes? The socio-cybersecurity modules are grounded in Vygotsky’s experiential learning theory. The methodology included a pre-test survey of cybersecurity awareness, the module’s lecture and experiential activities, then a post-test survey of cybersecurity awareness. T-test analysis was performed on the data obtained from quasi-experimental survey data. Content analysis was performed on in-class assignments. Students found the experiential pedagogy helpful and demonstrated their new knowledge. Significant pedagogical research is occurring with African American students. Traditionally, this population has been sidelined in the digital race and its new employment opportunities. When exposed to cyber-education their learning outcomes are primarily significant. 
    more » « less
  4. This report will discuss and explore the concept of reflexive control theory (RCT) in the context of day-to-day cybersecurity operations. Specifically, this study aims to investigate and emphasize the influential role of this trend in cyberspace while simultaneously examining the manipulative tactics employed by adversaries and RCT’s effect on the public. This report will further explain the concept of RCT and aims to promote awareness to educate the public about this topic. In the realm of cybersecurity, reflexive control serves as a potent weapon, used to allow adversaries to be able to exploit vulnerabilities, influence decision-making and essentially predict their target’s actions. This research will focus on three key concepts within reflexive control theory: Behavioral Analysis, Threat Detection and Perception Management. Furthermore, this report examines the ethical dimensions and potential risks associated with the reflexive control theory technique. These findings are intended to raise awareness and propose strategies to enhance resilience against these manipulative tactics. By meticulously synthesizing existing literature, research studies, and user surveys, this report provides a comprehensive analysis of the reflexive control theory in cyber operations. 
    more » « less
  5. null (Ed.)
    In this paper, we propose that the theory of planned behavior (TPB) with the additional factors of awareness and context-based information can be used to positively influence users' cybersecurity behavior. A research model based on TPB is developed and validated using a user study. As a proof-of-concept, we developed a mobile cybersecurity news app that incorporates context-based information such as location, search history, and usage information of other mobile apps into its article recommendations and warning notifications to address user awareness better. Through a survey of 100 participants, the proposed research model was validated, and it was confirmed that context-based information positively influences users' awareness in cybersecurity. 
    more » « less