Abstract:
IT security awareness is an ever-increasing concern in today’s world. The community of IT security professionals generally believes that people are one of the weakest links in the security of systems and networks. Information security rests on three major pillars: people, process and technology. When it comes to technology and its vulnerabilities, there are fixes and patches. When it comes to IT processes and their vulnerabilities, there are fixes and patches. But there is absolutely no patch for human misjudgment or unawareness. Organizations develop security procedures and policies to ensure the availability, confidentiality and integrity of information. But these security policies and procedures alone are not enough to protect the information and IT assets of an organization. Failure to pay attention to security training poses a greater risk to organizations, because IT security is not merely a technology issue but also a human issue. The future of a nation relies largely on its youth, and so does the future of its cyberspace. A nation’s youth with extraordinary knowledge and skill in Internet usage help create a flourishing cyberspace and ultimately a powerful country. This is why developed countries like the US and the UK have cyber security awareness programs for children as young as four years old, thereby producing youth with security-conscious attitudes and hence an enhanced security posture. Countries like Pakistan, by contrast, focus only on technology and processes and not on the people, rendering the people totally vulnerable to technology threats and attacks. Lack of awareness and training is a vacuum in the IT security world, and this research aims to fill this vacuum. This research aims at laying down a foundation for security awareness for the academic community, for both general users and individuals having significant IT-related responsibilities.
The idea of role-based training is to recruit and educate IT individuals according to their specific domain needs, to avoid either a lack of adequate training or over-consumption of training. Role-based training is required within the security arena because it addresses training specific to the IT role, functional job and responsibility of each individual. This research has assessed the security awareness levels and needs of general and IT users in different domains and designed security training programs accordingly. This research shall help the academic community gain a better understanding of cybersecurity awareness needs and increase individuals’ readiness to respond to security incidents and to stay one step ahead of the adversary.