Evaluation of a Tool to Increase Cybersecurity Awareness Among Non-experts (SME Employees)

21st December, 2023

Authors Kaiying Luan, Ragnhild Halvorsrud and Costas Boletsis


Abstract:

Humans are the weak link in cybersecurity, hence, this paper considers the human factor in cybersecurity and how the customer journey approach can be used to increase cybersecurity awareness. The Customer Journey Modelling Language (CJML) is used to document and visualise a service process. We expand the CJML formalism to encompass cybersecurity and develop an easy-to-use web application as a supporting tool for training and awareness. We present the results from the usability test with ten persons in the target group and report on usability and feasibility. All participants managed to finish the test, and most participants indicated that the tool was easy to use. By using the tool, non-expert users can make user journey diagrams showing basic conformance in a short time without professional training. For the threat diagram, half of the users achieved full conformance. In conclusion, the tool can serve as low-threshold cybersecurity awareness training for SME employees. We discuss the limitations and validity of the results and future work to improve the tool’s usability.

 

Authors: Kaiying Luan, Ragnhild Halvorsrud and Costas Boletsis

The paper can be found at the following link: https://sintef.brage.unit.no/sintef-xmlui/bitstream/handle/11250/3056517/116805.pdf?sequence=1

, , ragnhild.halvorsrud@sintef.no Halvorsrud Ragnhild Boletsis Costas