Automating the Communication of Cybersecurity Knowledge: Multi-Case Study
Alireza Shojaifar, Samuel A. Fricker, Martin Gwerder
TL;DR
This paper presents CYSEC, a tool based on Self-Determination Theory, that automates cybersecurity knowledge communication to SMBs, encouraging self-motivated security improvements through tailored assessments and recommendations, demonstrated via a multi-case study.
Contribution
The paper introduces CYSEC, a novel automated cybersecurity communication tool for SMBs that operationalizes Self-Determination Theory to promote self-motivated security practices.
Findings
Effective communication depends on SMBs' skills and tool compatibility.
Incremental learning steps improve SMB understanding.
Motivation aligns with business model and IT infrastructure.
Abstract
Cybersecurity is essential for the protection of companies against cyber threats. Traditionally, cybersecurity experts assess and improve a company's capabilities. However, many small and medium-sized businesses (SMBs) consider such services not to be affordable. We explore an alternative do-it-yourself (DIY) approach to bringing cybersecurity to SMBs. Our method and tool, CYSEC, implements the Self-Determination Theory (SDT) to guide and motivate SMBs to adopt good cybersecurity practices. CYSEC uses assessment questions and recommendations to communicate cybersecurity knowledge to the end-user SMBs and encourage self-motivated change. In this paper, the operationalisation of SDT in CYSEC is presented and the results of a multi-case study shown that offer insight into how SMBs adopted cybersecurity practices with CYSEC. Effective automated cybersecurity communication depended on the…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.