Although advances in Information Technology (IT) have been significant over the past several decades when it comes to protection of corporate information systems (IS), human errors and social engineering appear to prevail in circumventing such IT protections. While most employees may have the best of intentions, without cybersecurity skills they represent the weakest link in an organization’s IS security. Skills are defined as the combination of knowledge, experience, and ability to do something well. Cybersecurity skills correspond to the skills surrounding the hardware and software required to execute IS security to mitigate cyber-attacks. However, the current measures of end-user cybersecurity skills are based on self-reported surveys. This study is the second phase of a larger research project that is aimed to develop a scenario-based iPad application to measure cybersecurity skills based on actual scenarios with hands-on tasks that the participants complete in demonstrating their skills. To design a measure that has both high validity and reliability, subject matter experts’ (SMEs) opinion of the top nine cybersecurity skills and their skill importance weight were identified in the first phase of the study following the Delphi method. This phase of the research in progress involves the design and development of the MyCyberSkills™ iPad application (app) using scenario-based, hands-on tasks related to each of the nine SMEs identified cybersecurity skills.
Carlton, Melissa; Levy, Yair; Ramim, Michelle; and Terrell, Steven, "Development of the MyCyberSkills™ iPad App: A Scenarios-Based, Hands-On Measure of Non-IT Professionals’ Cybersecurity Skills" (2015). WISP 2015 Proceedings. 24.