Levels of Cybersecurity Training and Education
Source:IT4Sec Reports, Institute of Information and Communication Technologies, Number 117, Sofia (2015)
Keywords:attribution theory, awareness based training, Cybersecurity, organizational culture, Risk, risk appetite, „balance of consequences“
The ambition of individuals and their organizations to achieve a desired level of cybersecurity may be subject to the application of different strategies. Known approaches to achieving cybersecurity involve the establishment of effective legal systems, innovative technical solutions, rational organizational structures, etc. The focus in discussions of cybersecurity remains on people and their training, which can lower the vulnerability to cyber attacks. Counting on such a strategy to build cybersecurity, it is important to properly understand that cybersecurity training can be constructed at several levels. Each of these levels has specific characteristics, such as the approach and methods used for training, and as a consequence is associated with different results in terms of the cybersecurity achieved.