Cybersecurity knowledge requirements for strategic level decision makers

Fernando Garcia-Granados, Hayretdin Bahsi

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

3 Scopus citations

Abstract

Assuring an organization's cyber security posture requires the active involvement of decision makers at all levels, particularly strategic level decision makers such as C-level executives. These leaders have the primary responsibility of initiating security programs, publishing organization-wide security policies, and overseeing security policy implementation. It is necessary for these executives to be properly informed, trained, and provided with the tools required to fulfil their strategic management responsibilities. This study aims to provide a list of topics that would serve as knowledge requirements to be used as a basis for training or cyber exercises addressing strategic level decision-makers who do not have an IT or security background, which is the case in most organizations. First, we conducted a literature review to identify an initial topic list. Then, this list was processed in a card sorting survey in which professionals in the roles of CTO, CIO or CISO were requested to determine the required level of knowledge strategic leaders should ideally have on each topic. The results indicate that survey participants tend not to exclude any topic, regardless of its level of technical expertise. They believe strategic leaders should have, at least, a general understanding and awareness of the topics chosen, even if the topics represent a more technical perspective. A general trend was found wherein topics in which business knowledge intersects with security knowledge were consistently ranked with a higher knowledge requirement, mainly relating to business impact.

Original language: English (US)
Title of host publication: Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020
Editors: Brian K. Payne, Hongyi Wu
Publisher: Academic Conferences and Publishing International Limited
Pages: 559-568
Number of pages: 10
ISBN (Electronic): 9781912764525
State: Published - 2020
Externally published: Yes
Event: 15th International Conference on Cyber Warfare and Security, ICCWS 2020 - Norfolk, United States
Duration: Mar 12 2020 → Mar 13 2020

Publication series

Name: Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020

Conference

Conference: 15th International Conference on Cyber Warfare and Security, ICCWS 2020
Country/Territory: United States
City: Norfolk
Period: 3/12/20 → 3/13/20

Keywords

  • Cybersecurity awareness
  • Cybersecurity knowledge requirements
  • Cybersecurity training
  • Strategic level decision makers

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Safety, Risk, Reliability and Quality
