Skip to main content

2025 | OriginalPaper | Buchkapitel

Harnessing the Right Talent for SETA Programs: Cybersecurity Roles and Competencies that Make a Difference

verfasst von : Apostolos Charalambous, Eliana Stavrou

Erschienen in: Human Aspects of Information Security and Assurance

Verlag: Springer Nature Switzerland

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Security Education, Training, and Awareness (SETA) is considered among the prominent strategies to develop a cybersecurity culture. Even though many SETA programs have been developed, their effectiveness is questionable as evident by the ongoing struggle of organizations to create a sustainable cybersecurity culture. A key factor that often challenges the design of effective SETA programs is the lack of expertise to create engaging and tailored initiatives to influence employees changing their unsafe behavior and adopting best practices. To address this challenge, organizations can leverage the expertise from multiple cybersecurity career roles, formulating a strong SETA development team that can exhibit a diverse range of perspectives and skills which are essential to design impactful SETA programs. Enabling such a collective design and development approach might be a solution to the pursuit of achieving a sustainable cybersecurity culture. This research work identifies: 1) the core knowledge areas and transferable skills that professionals responsible to design effective SETA programs should demonstrate, 2) which career roles in the ENISA European Cybersecurity Skills Framework cover relevant knowledge areas and transferable skills, 3) the prominent career roles for demonstrating knowledge and skills across multiple essential areas for SETA program development, and 4) the significance of lifelong learning in cybersecurity for developing sustainable SETA programs.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
3.
Zurück zum Zitat Uchendu, B., Nurse, R.C., Bada, M., Furnell, S.: Developing a cyber security culture: Current practices and future needs, Comput. Secur. 109 (2021) Uchendu, B., Nurse, R.C., Bada, M., Furnell, S.: Developing a cyber security culture: Current practices and future needs, Comput. Secur. 109 (2021)
4.
Zurück zum Zitat Gundu, T.: Learn, unlearn and relearn: adaptive cybersecurity culture model. In: 19th International Conference on Cyber Warfare and Security (ICCWS) (2024) Gundu, T.: Learn, unlearn and relearn: adaptive cybersecurity culture model. In: 19th International Conference on Cyber Warfare and Security (ICCWS) (2024)
5.
Zurück zum Zitat Stavrou, E.: Back to basics: towards building societal resilience against a cyber pandemic. J. Syst. Cybern. Inf. (JSCI) 18(7), 73–80 (2020) Stavrou, E.: Back to basics: towards building societal resilience against a cyber pandemic. J. Syst. Cybern. Inf. (JSCI) 18(7), 73–80 (2020)
7.
Zurück zum Zitat Alyami, A., Sammon, D., Neville, K., Mahony, C.: The critical success factors for Security Education, Training and Awareness (SETA) program effectiveness: a lifecycle model. Inf. Technol. People 36(8), 94–125 (2023)CrossRef Alyami, A., Sammon, D., Neville, K., Mahony, C.: The critical success factors for Security Education, Training and Awareness (SETA) program effectiveness: a lifecycle model. Inf. Technol. People 36(8), 94–125 (2023)CrossRef
8.
Zurück zum Zitat Sirur, S., Nurse, J.R.C., Webb, H.: Are we there yet? understanding the challenges faced in complying with the general data protection regulation (GDPR). In: 2nd International Workshop on Multimedia Privacy and Security, pp. 88–95. ACM (2018) Sirur, S., Nurse, J.R.C., Webb, H.: Are we there yet? understanding the challenges faced in complying with the general data protection regulation (GDPR). In: 2nd International Workshop on Multimedia Privacy and Security, pp. 88–95. ACM (2018)
9.
Zurück zum Zitat Mwim, E.N., Mtsweni, J.: Systematic review of factors that influence the cybersecurity culture. In: Clarke, N., Furnell, S. (eds.) Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings, pp. 147–172. Springer International Publishing, Cham (2022). https://doi.org/10.1007/978-3-031-12172-2_12CrossRef Mwim, E.N., Mtsweni, J.: Systematic review of factors that influence the cybersecurity culture. In: Clarke, N., Furnell, S. (eds.) Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings, pp. 147–172. Springer International Publishing, Cham (2022). https://​doi.​org/​10.​1007/​978-3-031-12172-2_​12CrossRef
10.
Zurück zum Zitat Kaewsa-ard, A., Utakrit, N.: Identifying key issues to enhance the cybersecurity awareness strategy within organizations. In: Meesad, P., Sodsee, S., Jitsakul, W., Tangwannawit, S. (eds.) Proceedings of the 20th International Conference on Computing and Information Technology (IC2IT 2024), pp. 1–11. Springer Nature Switzerland, Cham (2024). https://doi.org/10.1007/978-3-031-58561-6_1CrossRef Kaewsa-ard, A., Utakrit, N.: Identifying key issues to enhance the cybersecurity awareness strategy within organizations. In: Meesad, P., Sodsee, S., Jitsakul, W., Tangwannawit, S. (eds.) Proceedings of the 20th International Conference on Computing and Information Technology (IC2IT 2024), pp. 1–11. Springer Nature Switzerland, Cham (2024). https://​doi.​org/​10.​1007/​978-3-031-58561-6_​1CrossRef
12.
Zurück zum Zitat Huang, K., Pearlson, K.: For what technology can’t fix: building a model of organizational cybersecurity culture. In: Proceeding of the 52nd Hawaii International Conference on System Sciences, pp. 6398–6407 (2019) Huang, K., Pearlson, K.: For what technology can’t fix: building a model of organizational cybersecurity culture. In: Proceeding of the 52nd Hawaii International Conference on System Sciences, pp. 6398–6407 (2019)
13.
Zurück zum Zitat Hulatt, D., and Stavrou, E.: The development of a multidisciplinary cybersecurity workforce: an investigation. In: 17th International Symposium on Human Aspects of Information Security & Assurance (HAISA) (2018) Hulatt, D., and Stavrou, E.: The development of a multidisciplinary cybersecurity workforce: an investigation. In: 17th International Symposium on Human Aspects of Information Security & Assurance (HAISA) (2018)
14.
Zurück zum Zitat Furnell, S., Langner, G., Tokola, T., Andriessen, J., Quirchmayr, G., Luciano, C.: Collaborative cybersecurity learning: establishing educator and learner expectations and requirements. In: Drevin, L., Miloslavskaya, N., Leung, W.S., von Solms, S. (eds.) WISE 2022, vol. 650. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-08172-9_4 Furnell, S., Langner, G., Tokola, T., Andriessen, J., Quirchmayr, G., Luciano, C.: Collaborative cybersecurity learning: establishing educator and learner expectations and requirements. In: Drevin, L., Miloslavskaya, N., Leung, W.S., von Solms, S. (eds.) WISE 2022, vol. 650. Springer, Cham (2022). https://​doi.​org/​10.​1007/​978-3-031-08172-9_​4
15.
Zurück zum Zitat (ISC)2 How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce (2023) (ISC)2 How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce (2023)
16.
Zurück zum Zitat ISACA State of Cybersecurity 2023 Global Update on Workforce Efforts, Resources and Cyberoperations (2023) ISACA State of Cybersecurity 2023 Global Update on Workforce Efforts, Resources and Cyberoperations (2023)
17.
Zurück zum Zitat Kirova, D., Baumöl, U.: Factors that affect the success of security education, training, and awareness programs: a literature review. J. Inf. Technol. Theory Appl. (JITTA) 19(4), 4 (2018) Kirova, D., Baumöl, U.: Factors that affect the success of security education, training, and awareness programs: a literature review. J. Inf. Technol. Theory Appl. (JITTA) 19(4), 4 (2018)
18.
Zurück zum Zitat Hu, S., Hsu, C., Zhou, Z.: The impact of SETA event attributes on employees’ security-related intentions: an event system theory perspective. Comput. Secur. 109, 102404 (2021)CrossRef Hu, S., Hsu, C., Zhou, Z.: The impact of SETA event attributes on employees’ security-related intentions: an event system theory perspective. Comput. Secur. 109, 102404 (2021)CrossRef
19.
Zurück zum Zitat Alshaikh, M., Maynard, S.B., Ahmad, A.: Applying social marketing to evaluate current security education training and awareness programs in organisations. Comput. Secur. 100, 102090 (2021)CrossRef Alshaikh, M., Maynard, S.B., Ahmad, A.: Applying social marketing to evaluate current security education training and awareness programs in organisations. Comput. Secur. 100, 102090 (2021)CrossRef
20.
Zurück zum Zitat Shaw, R.S., Chen, C.C., Harris, A.L., Huang, H.-J.: The impact of information richness on information security awareness training effectiveness. Comput. Educ. 52(1), 92–100 (2009)CrossRef Shaw, R.S., Chen, C.C., Harris, A.L., Huang, H.-J.: The impact of information richness on information security awareness training effectiveness. Comput. Educ. 52(1), 92–100 (2009)CrossRef
21.
Zurück zum Zitat Whitman, M.E., Mattord, H.J.: Principles of Information Security, 7 edn. Cengage (2004) Whitman, M.E., Mattord, H.J.: Principles of Information Security, 7 edn. Cengage (2004)
22.
Zurück zum Zitat Heikka, J. A constructive approach to information systems security training: an action research experience, learning from the past & charting the future of the discipline. In: 14th Americas Conference on Information Systems, Toronto, Ontario, Canada, August (2008) Heikka, J. A constructive approach to information systems security training: an action research experience, learning from the past & charting the future of the discipline. In: 14th Americas Conference on Information Systems, Toronto, Ontario, Canada, August (2008)
23.
Zurück zum Zitat Piki, A., Stavrou, E., Procopiou, A., Demosthenous, A. Fostering cybersecurity awareness and skills development through digital game-based learning. In: 10th International Conference on Behavioural and Social Computing (BESC), Larnaca (2023) Piki, A., Stavrou, E., Procopiou, A., Demosthenous, A. Fostering cybersecurity awareness and skills development through digital game-based learning. In: 10th International Conference on Behavioural and Social Computing (BESC), Larnaca (2023)
24.
Zurück zum Zitat Hu, S., Hsu, C., Zhou, Z.: Understanding employees’ perceptions of SETA events: the role of pedagogical and communication approaches. Internet Res. 34(2), 294–319 (2024)CrossRef Hu, S., Hsu, C., Zhou, Z.: Understanding employees’ perceptions of SETA events: the role of pedagogical and communication approaches. Internet Res. 34(2), 294–319 (2024)CrossRef
25.
Zurück zum Zitat Offor, P., Tejay, G.: Information systems security training in organizations: andragogical perspective. In: 20th Americas Conference on Information Systems (AIS) (2014) Offor, P., Tejay, G.: Information systems security training in organizations: andragogical perspective. In: 20th Americas Conference on Information Systems (AIS) (2014)
26.
Zurück zum Zitat Charalambous, A., Stavrou, E.: Building societal resilience against social engineering attacks: unleashing the power of instructional design and microtargeting. In: 16th Annual International Conference of Education, Research and Innovation (ICERI), Seville (2023) Charalambous, A., Stavrou, E.: Building societal resilience against social engineering attacks: unleashing the power of instructional design and microtargeting. In: 16th Annual International Conference of Education, Research and Innovation (ICERI), Seville (2023)
27.
Zurück zum Zitat Li, L., He, W., Xu, L., Ash, I., Anwar, M., Yuan, X.: Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. Int. J. Inf. Manag. 45, 13–24 (2019)CrossRef Li, L., He, W., Xu, L., Ash, I., Anwar, M., Yuan, X.: Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. Int. J. Inf. Manag. 45, 13–24 (2019)CrossRef
28.
Zurück zum Zitat Alshaikh, M., Naseer, H., Ahmad, A., Maynard, S.B: Toward sustainable behaviour change: an approach for cyber security education training and awareness. In: ECIS 2019 (2019) Alshaikh, M., Naseer, H., Ahmad, A., Maynard, S.B: Toward sustainable behaviour change: an approach for cyber security education training and awareness. In: ECIS 2019 (2019)
29.
Zurück zum Zitat Kävrestad, J., Rambusch, J., Nohlberg, M.: Design principles for cognitively accessible cybersecurity training. Comput. Secur. 137, 103630 (2024)CrossRef Kävrestad, J., Rambusch, J., Nohlberg, M.: Design principles for cognitively accessible cybersecurity training. Comput. Secur. 137, 103630 (2024)CrossRef
30.
Zurück zum Zitat Stavrou, E.: Planning for professional development in cybersecurity: a new curriculum design. In: IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA), Kent, UK (2023) Stavrou, E.: Planning for professional development in cybersecurity: a new curriculum design. In: IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA), Kent, UK (2023)
34.
Zurück zum Zitat Karimnia, R., Maennel, K., Shahin, M.: Culturally-sensitive cybersecurity awareness program design for Iranian high-school students. In: 8th International Conference on Information Systems Security and Privacy (ICISSP) (2022) Karimnia, R., Maennel, K., Shahin, M.: Culturally-sensitive cybersecurity awareness program design for Iranian high-school students. In: 8th International Conference on Information Systems Security and Privacy (ICISSP) (2022)
Metadaten
Titel
Harnessing the Right Talent for SETA Programs: Cybersecurity Roles and Competencies that Make a Difference
verfasst von
Apostolos Charalambous
Eliana Stavrou
Copyright-Jahr
2025
DOI
https://doi.org/10.1007/978-3-031-72563-0_10