D. Ani, U. P. He, H. M. Tiwari, and A. , Human Capability Evaluation Approach for Cyber Security in Critical Industrial Infrastructure, Advances in Human Factors in Cybersecurity, pp.169-182, 2016.

T. Denning, A. Lerner, A. Shostack, and T. Kohno, Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education. Presented at the Proceedings of the, ACM SIGSAC conference on Computer & communications security, 2013.

E. Yildirim, The Importance of Information Security Awareness for the Success of Business Enterprises, Advances in Human Factors in Cybersecurity, pp.211-222, 2016.

F. A. Aloul, The Need for Effective Information Security Awareness, JAIT, vol.3, pp.176-183, 2012.

G. Stewart and D. Lacey, Death by a thousand facts: Criticising the technocratic approach to information security awareness, Info Mngmnt & Comp Security, vol.20, pp.29-38, 2012.

N. A. Arachchilage and S. Love, Security awareness of computer users: A phishing threat avoidance perspective, Computers in Human Behavior, vol.38, pp.304-312, 2014.

,

K. Young-mclear, G. Wyman, J. Benin, and Y. Young-mclear, A White Hat Approach to Identifying Gaps Between Cybersecurity Education and Training: A Social Engineering Case Study, Advances in Human Factors in Cybersecurity, pp.229-237, 2016.

M. Pattinson, M. Butavicius, K. Parsons, A. Mccormac, and D. Calic, Managing information security awareness at an Australian bank: a comparative study, Info and Computer Security, vol.25, pp.181-189, 2017.

M. Kajzer, J. D'arcy, C. R. Crowell, A. Striegel, and D. Van-bruggen, An exploratory investigation of message-person congruence in information security awareness campaigns, Computers & Security, vol.43, pp.64-76, 2014.

A. Mccormac, T. Zwaans, K. Parsons, D. Calic, M. Butavicius et al., Individual differences and Information Security Awareness, Computers in Human Behavior, vol.69, pp.151-156, 2017.

M. Pattinson, M. Butavicius, B. Ciccarellol, M. Lillie, K. Parsons et al., Adapting Cyber-Security Training to Your Employees, Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance, pp.67-79, 2018.

A. Tsohou, E. Kiountouzis, M. Karyda, and S. Kokolakis, Analyzing trajectories of information security awareness, Info Technology & People, vol.25, pp.327-352, 2012.

,

N. Waly, R. Tassabehji, and M. Kamala, Improving Organisational Information Security Management: The Impact of Training and Awareness, 2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems, pp.1270-1275, 2012.

M. Chaplin, J. Creasey, and S. Thathupara, The standard of good practice for in-formation security 2016, Information Security Forum Limited, 2016.

A. Jordan, G. Haken, and J. Creasey, The Standard of Good Practice for Information Security, Information Security Forum, 2018.

H. N. Chua, S. F. Wong, Y. C. Low, and Y. Chang, Impact of employees' demographic characteristics on the awareness and compliance of information security policy in organizations, Telematics and Informatics, vol.35, pp.1770-1780, 2018.

,

B. Lebek, J. Uffen, M. H. Breitner, M. Neumann, and B. Hohler, Employees' Information Security Awareness and Behavior: A Literature Review, 2013 46th Hawaii International Conference on System Sciences, pp.2978-2987, 2013.

R. Poepjes, The development and evaluation of an information security awareness capability model: linking ISO/IEC 27002 controls with awareness importance, capability and risk, 2015.

M. Alshaikh, S. B. Maynard, A. Ahmad, and S. Chang, An Exploratory Study of Current Information Security Training and Awareness Practices in Organizations, 51st Hawaii International Conference on System Sciences, pp.1-10, 2018.

K. Parsons, A. Mccormac, M. Butavicius, M. Pattinson, and C. Jerram, Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q)

, Computers & Security, vol.42, pp.165-176, 2014.

,