Information Security Awareness and Training as a Holistic Key Factor – How Can a Human Firewall Take on a Complementary Role in Information Security?
Abstract
Human elements have been identified as a factor in over 95% of all security incidents. Current technical preventive, corrective, and defensive mechanisms address intelligent and practical approaches to increase the resilience of information technology (IT) systems. However, these approaches do not fully consider the behavioral, cognitive, and heterogeneous motivations that lead to human failure in the security causal chain. In this paper, we present the Awareness Continuum Management Model (ACM2), which is a role-based and topic-based theoretical approach for an information security awareness and training program that uses Boyd’s observe–orient–decide–act (OODA) loop as a framework. The proposed ACM2 is based on the situational engineering method and regards the human firewall as an integral, indispensable, and complementary part of the holistic approach to increase IT systems’ resilience. The proposed approach can be applied to different types of organizations and critical infrastructure and can be integrated into existing training programs.
Keywords: human factors, OODA loop, resilience, awareness model, cybersecurity awareness
DOI: 10.54941/ahfe1002201
AHFE Open Access