Bridging the Gap between Security Competencies and Security Threats: Toward a Cyber Security Domain Model

Presenter Information

Florian Schütz, University of GoettingenFollow
Florian Rampold, Georg-August-University of GöttingenFollow
Kristin Masuch, University of GoettingenFollow
Patricia Köpfer, University of HohenheimFollow
Dominik Mann, Georg-August-University of GöttingenFollow
Julia Warwas, University of HohenheimFollow
Simon Trang, Georg August University, GoettingenFollow

Location

Online

Event Website

https://hicss.hawaii.edu/

Start Date

3-1-2023 12:00 AM

End Date

7-1-2023 12:00 AM

Description

Security incidents are increasing in a wide range of organizational types and sizes worldwide. Although various threat models already exist to classify security threats, they seem to take insufficient account of which organizational assets the threat events are targeting. Therefore, we argue that conducting more job-specific IT security training is necessary to ensure organizational IT security. This requires considering which assets employees use in their daily work and for which threat events employees need to build up IT security competencies. Subsequently, we build a framework-based Cyber Security Domain Model (CSDM) for IT-secure behavior. We follow the Evidence Centered Assessment Design (ECD) to provide a deep- dive analysis of the domain for IT-secure behavior. As the leading result relevant for research and practice, we present our CSDM consisting of 1,087 cyber threat vectors and apply it to five job specifications.

Recommended Citation

Schütz, Florian; Rampold, Florian; Masuch, Kristin; Köpfer, Patricia; Mann, Dominik; Warwas, Julia; and Trang, Simon, "Bridging the Gap between Security Competencies and Security Threats: Toward a Cyber Security Domain Model" (2023). Hawaii International Conference on System Sciences 2023 (HICSS-56). 8.
https://aisel.aisnet.org/hicss-56/os/cybersecurity/8