TY - GEN
T1 - Cybersecurity knowledge requirements for strategic level decision makers
AU - Garcia-Granados, Fernando
AU - Bahsi, Hayretdin
N1 - Publisher Copyright:
© 2020. The authors. All Rights Reserved.
PY - 2020
Y1 - 2020
AB - Assuring an organization's cyber security posture requires the active involvement of decision makers at all levels, particularly strategic level decision makers such as C-level executives. These leaders have the primary responsibility for initiating security programs, publishing organization-wide security policies, and overseeing security policy implementation. These executives need to be properly informed, trained, and provided with the tools required to fulfil their strategic management responsibilities. This study aims to provide a list of topics that would serve as knowledge requirements to be used as a basis for training or cyber exercises addressing strategic level decision makers who do not have an IT or security background, which is the case in most organizations. First, we conducted a literature review to identify an initial topic list. Then, this list was processed in a card sorting survey in which professionals in the roles of CTO, CIO or CISO were requested to determine the required level of knowledge strategic leaders should ideally have on each topic. The results indicate that survey participants tend not to exclude any topic, regardless of its level of technical expertise. They believe strategic leaders should have at least a general understanding and awareness of the topics chosen, even if the topics represent a more technical perspective. A general trend was found wherein topics in which business knowledge intersects with security knowledge were consistently ranked with a higher knowledge requirement, mainly those relating to business impact.
KW - Cybersecurity awareness
KW - Cybersecurity knowledge requirements
KW - Cybersecurity training
KW - Strategic level decision makers
UR - http://www.scopus.com/inward/record.url?scp=85083355466&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85083355466&partnerID=8YFLogxK
U2 - 10.34190/ICCWS.20.102
DO - 10.34190/ICCWS.20.102
M3 - Conference contribution
AN - SCOPUS:85083355466
T3 - Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020
SP - 559
EP - 568
BT - Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020
A2 - Payne, Brian K.
A2 - Wu, Hongyi
PB - Academic Conferences and Publishing International Limited
T2 - 15th International Conference on Cyber Warfare and Security, ICCWS 2020
Y2 - 12 March 2020 through 13 March 2020
ER -