Skip to Main content Skip to Navigation
New interface
Conference papers

Automating the Communication of Cybersecurity Knowledge: Multi-case Study

Abstract : Cybersecurity is essential for the protection of companies against cyber threats. Traditionally, cybersecurity experts assess and improve a company’s capabilities. However, many small and medium-sized businesses (SMBs) consider such services not to be affordable. We explore an alternative do-it-yourself (DIY) approach to bringing cybersecurity to SMBs. Our method and tool, CYSEC, implements the Self-Determination Theory (SDT) to guide and motivate SMBs to adopt good cybersecurity practices. CYSEC uses assessment questions and recommendations to communicate cybersecurity knowledge to the end-user SMBs and encourage self-motivated change. In this paper, the operationalisation of SDT in CYSEC is presented and the results of a multi-case study shown that offer insight into how SMBs adopted cybersecurity practices with CYSEC. Effective automated cybersecurity communication depended on the SMB’s hands-on skills, tools adaptedness, and the users’ willingness to documenting confidential information. The SMBs wanted to learn in simple, incremental steps, allowing them to understand what they do. An SMB’s motivation to improve security depended on the fitness of assessment questions and recommendations with the SMB’s business model and IT infrastructure. The results of this study indicate that automated counselling can help many SMBs in security adoption.
Document type :
Conference papers
Complete list of metadata

https://hal.inria.fr/hal-03380700
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Friday, October 15, 2021 - 5:05:40 PM
Last modification on : Wednesday, November 3, 2021 - 7:07:00 AM
Long-term archiving on: : Sunday, January 16, 2022 - 9:17:03 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2023-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Alireza Shojaifar, Samuel A. Fricker, Martin Gwerder. Automating the Communication of Cybersecurity Knowledge: Multi-case Study. 13th IFIP World Conference on Information Security Education (WISE), Sep 2020, Maribor, Slovenia. pp.110-124, ⟨10.1007/978-3-030-59291-2_8⟩. ⟨hal-03380700⟩

Share

Metrics

Record views

15