Modeling Effective Cybersecurity Training Frameworks: a Delphi Method-based Study
Peer reviewed, Journal article
MetadataVis full innførsel
Today, cybersecurity training is commonplace in both large companies and Small & Medium Enterprise (SME). Nonetheless, the effectiveness of many of the current training offerings is put into question by reports of increasing successful cyber-attacks. While a number of models for developing Cybersecurity (CS) training frameworks for industrial personnel or general audience have been proposed, these models often lack consideration for humans aspects of learning (cognitive abilities, learning styles, meta-cognition among others) during development. Additionally, the success of a CS training program highly depends on its ability to engage participants. To develop a CS training framework that is able to motivate participants, we must consider individual-specific factors that can affect the result of training, besides establishing optimal training delivery methods and assessment. For this, in this work we propose a CS training framework based on a revised version of the ADDIE model and more recent research personalised learning theory. The Delphi method was used to both develop and validate our decisions during the development of the training framework model. The results of the decision of the Delphi method have later been compared to recommendations in the literature to create the finalised framework. This work presents two major distinctions from other CS training frameworks models described in the literature. First, the developed model is strongly based in learning theory foundations and takes into consideration differences in learning styles, cognitive abilities and metacognition of individuals, to offer tailored solutions optimized for each group of employees and single individual. Second, the use of the Delphi method and the involvement of experts stakeholders from various sides of academia and industry gave a wide insight into current needs and recommendations for CS training, as well as formal validation for the final development.