Published: January 17, 2023
Author(s)
Julie Haney (NIST), Jody Jacobs (NIST), Susanne Furman (NIST)
Conference
Name: ACM SIGMIS Computers and People Research Conference 2022
Dates: 06/02/2022 - 06/04/2022
Location: Atlanta, GA
Citation: Proceedings of the ACM SIGMIS Computers and People Research Conference 2022, pp. 1-12
Security awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified desired skills for these professionals, finding that many are ill-prepared due to gaps in professional skills (e.g., communication, interpersonal) and a lack of recognition of the unique awareness role. However, it is unclear if these findings are similar for security awareness professionals in the United States (U.S.) federal government sector in which awareness plays an important part in teaching employees how to protect sensitive national and citizen data. To identify the current roles, professional backgrounds, and desired knowledge and skills for government security awareness professionals, we conducted a two-phase research study that leveraged focus group and survey methodologies. Insights gained from these results can inform guidance and other initiatives to aid organizations in building security awareness teams with the appropriate competencies. While focused on the U.S. government, findings may also have implications for other sectors and countries.
Security awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified desired skills for these professionals, finding...
See full abstract
Security awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified desired skills for these professionals, finding that many are ill-prepared due to gaps in professional skills (e.g., communication, interpersonal) and a lack of recognition of the unique awareness role. However, it is unclear if these findings are similar for security awareness professionals in the United States (U.S.) federal government sector in which awareness plays an important part in teaching employees how to protect sensitive national and citizen data. To identify the current roles, professional backgrounds, and desired knowledge and skills for government security awareness professionals, we conducted a two-phase research study that leveraged focus group and survey methodologies. Insights gained from these results can inform guidance and other initiatives to aid organizations in building security awareness teams with the appropriate competencies. While focused on the U.S. government, findings may also have implications for other sectors and countries.
Hide full abstract
Keywords
cybersecurity awareness training; work roles; skills; knowledge
Control Families
None selected
