10,134 research outputs found

    Cyber security education is as essential as “The Three R’s”

    Smartphones have diffused rapidly across South African society and constitute the most dominant information and communication technologies in everyday use. That being so, it is important to ensure that all South Africans know how to secure their smart devices. This requires a high level of security awareness and knowledge. As yet, there is no formal curriculum addressing cyber security in South African schools. Indeed, it seems to be left to Universities to teach cyber security principles, and they currently only do this when students take computing-related courses. The outcome of this approach is that only a very small percentage of South Africans, i.e. those who take computing courses at University, are made aware of cyber security risks and know how to take precautions. Moreover, because this group is overwhelmingly male, this educational strategy disproportionately leaves young female South Africans vulnerable to cyber attacks. We thus contend that cyber security ought to be taught as children learn the essential “3 Rs” – delivering requisite skills at University level does not adequately prepare young South Africans for a world where cyber security is an essential skill. Starting to provide awareness and knowledge at primary school, and embedding it across the curriculum would, in addition to ensuring that people have the skills when they need them, also remove the current gender imbalance in cyber security awareness

    A framework to integrate information and communication technology security awareness into the South African education system

    Text in English. There is general consensus about the importance of Information and Communication Technology (ICT) security in South Africa. This consensus is evident from initiatives related to the formulation of legislation and policies like the Electronic Communications and Transactions (ECT) Act and the National Cyber Security Policy. A number of South African academic institutions have also come on board with initiatives aimed at enhancing ICT security awareness all over the country. In fact, ICT security awareness has been classified as an important component of South Africa’s national security. Many countries use ICT to improve and enhance the standard of their education systems. A number of scholars in South Africa have conducted studies with the aim of proving that ICT can play a major role in improving the quality of education in the country. The research in hand investigates the lack of integration of ICT security awareness into the South African education system. The literature review that was conducted reveals that there is a huge problem especially when it comes to the integration of ICT security awareness into the South African schooling system. The advancement of technology has come with a number of advantages and disadvantages. The easy access to information via the internet, coupled by unsupervised access to instant messaging applications (Skype, MXiT) and social media platforms (Facebook, Twitter and many more), hugely increases the vulnerability of school learners to ICT security attacks and ICT-related crime. The current research therefore investigates the vulnerability caused by the lack of ICT security awareness among school learners as one of the main disadvantages of the advancement of information technology. An analysis of existing models and frameworks in the two spheres of ICT, namely education and ICT security was conducted.
The aim was to determine any similarities or overlap between these spheres and to determine whether the existing ICT models and frameworks are relevant to South Africa. The analysis showed a significant disparity and inconsistency between the two spheres and proved that there is a definite need for a framework (relevant to South Africa) that can be used for the integration of ICT security awareness into South African education. Hence, the researcher proposed a more integrated approach in the form of a framework that is directed at South African school learners, based on an in-depth literature review of past scholarly work, models and frameworks. Having reviewed a number of existing models and frameworks, and identifying the potential gaps, the researcher proposed a framework to address the lack of integration of ICT security awareness into the South African education system. The proposed framework, called the South African ICT Security Awareness Framework for Education (SAISAFE), was reviewed for its potential applicability in the South African context, and the results of the literature review analysis are reported to support the analysis of models and frameworks. School of Computing. M. A. (Computing)

    Cyber Operator Competencies: The Role of Cognitive Competencies in Cyber Operator Practice and Education

    PhD Dissertations in Child and Youth Participation and Competence Development (BUK): 17. Articles 2, 3 and 4 have been removed from the digital thesis due to lack of permission from the publishers. These can be viewed in the relevant journals/books, and in the printed thesis. The theme of this thesis is the role of cognitive competencies in cyber operator practice and education. Cyber operator practice is a new field of research where the importance and attention is growing rapidly. Research has accumulated a solid amount of knowledge about the technical skills required by a cyber operator. However, less is known about the cognitive competencies that support cyber operator proficiency. In order to gain insight into the cognitive demands of cyber operators, the cognitions of young cyber officers (1) attending the Norwegian Defence Cyber Academy have been studied. Findings contribute to the development of theory and evidence-based knowledge needed to develop educational guidelines for the cyber operator workforce. This dissertation proposes and takes steps towards validation of a conceptual framework, The Hybrid Space, that describes the cognitive work environment of military cyber operators. The Hybrid Space conceptual framework is introduced in the first article of this thesis and is used in all parts of the study. Methodological contributions include a method and a software to collect quantitative data on cyber operators’ cognitive focus and assess cognitive agility. Cognitive agility is proposed as a competence and a measure of cyber operator performance. Empirical data collected during a cyber defence exercise support our theoretical assumption and help to further develop The Hybrid Space conceptual framework. Findings indicate that knowledge and understanding of cyberspace as a domain of operations and the cognitive competencies supporting cyber operator proficiency are limited.
Cognitive agility is proposed as a cognitive competency and is associated with higher levels of self-regulation. These findings suggest that cognitive competencies can indeed support cyber operator performance. This thesis therefore contributes to cyber operator practice and education by suggesting that education and training would benefit from including the development of cognitive competencies alongside the technical education and training needed to become a cyber operator. In this way, this thesis adds new insight and perspective into the novel area of cyber operator practice. The results provide the first indications that cyber operator performance can be supported by the development of cognitive competencies during education. 1 Cyber officer and cyber operator are used interchangeably throughout the articles and this extended abstract. The reason is that the students undergo the same education, but the position they later get determines their career path and the accompanying title. The use of the terms is maturing in both military and civilian sectors. As of now neither finite guidelines nor agreed upon norms exist that guide the use of the titles.
Summary: The theme of this doctoral thesis is the role of cognitive competencies in cyber operator practice and education. Cyber operator practice is a new field of research that has received great attention in recent years. Research in the area has produced knowledge about the technical knowledge and skills a cyber operator must have. Less knowledge exists about the cognitive competencies a cyber operator needs in order to carry out their practice effectively. To gain better insight into the cognitive demands that cyber operators face, I have studied young cyber officers in training at Forsvarets Ingeniørhøgskole (2) (FIH). This thesis contributes knowledge and an empirical basis for developing research-based education for the cyber operators of the future.
The thesis puts forward and begins validation of a conceptual framework, The Hybrid Space, which describes the cognitive demands military cyber operators must deal with in carrying out their work. The framework is introduced in the first article of this thesis and is used as the conceptual foundation in the rest of the thesis. The thesis also presents a method and a software tool that can be used to collect quantitative data on cyber operators' cognitive focus. This software tool can also be used to examine how cyber operators exhibit cognitive flexibility over time when they carry out a cyber operation. Cognitive flexibility is proposed as a performance measure for cyber operators. Empirical data collected during a cyber defence exercise confirm our theoretical hypotheses and contribute to further development of the conceptual framework. The main findings indicate that knowledge and understanding of cyberspace as a domain of operations, and of the role of cognitive competencies in the cyber operator's execution of cyber operations, are limited. This thesis argues that the ability to manoeuvre cognitively and flexibly in the operational environment, defined as ‘cognitive agility’, is an important cognitive competency for cyber operators that can be predicted by examining the capacity for self-regulation. These findings indicate that cognitive competencies can help support cyber operators' performance. The thesis contributes to cyber operator practice and education by showing that the development of cyber operator competence should include the development of cognitive competencies in addition to the development of technical knowledge and skills. With these findings, this thesis contributes new insight and perspective on cyber operator practice and education. 2 Forsvarets Ingeniørhøgskole (FIH) changed its name in 2018 to Cyberingeniørskolen (CIS) and was at the same time placed under Forsvarets Høgskole (FHS).

    A Dynamic Framework Enhancing Situational Awareness in Cybersecurity SOC—IR

    Organizations today face a significant challenge in protecting their valuable IT assets. Cyber criminals unlimited to physical boundaries are able to disrupt and destroy cyber infrastructure, deny organizations access to IT services and steal sensitive data. With the purpose of employing socio-technical systems to detect, analyze and respond to these threats, enterprises organize security operations centres at the heart of their entities. As the environment constantly shifts (i.e., in 2020 the corona virus triggered a digital upheaval creating new attack surfaces; today the Ukrainian war has triggered cyber-conflict) the dependency on these systems increases the need for situational awareness. Essentially, having the capability to gather relevant information from the environment, the means to understand the gathered information, and reflecting that gained understanding for the current environment. This exploratory study examines how such capabilities are operationalized in leading Managed security service providers (MSSPs) providing cybersecurity operations and incident response, and looks at how situation awareness knowledge is constructed through the organizational levels of the enterprise detection & response. In this context, situational awareness spans over different levels in the organization starting from team personnel, ending at top management. Thus, providing situational awareness at the different organizational levels is considered a complex process involving various sources of information, different levels of perspective, and different interpretations which trigger a complex set of decision-making processes. To explore this, we constructed a theory-informed narrative using a theoretical lens that resulted in the formulation of a conceptual framework.
Thus, through interviews with practitioners from across the organizational levels of two leading MSSPs; parallel to inquiring about general aspects surrounding the subject of enterprise response, the conceptual framework was validated. The interview responses were then coded using categorization. The analysis informed the development of the conceptual framework, and so the framework was adjusted to account for the findings. Through interpretation of empirical evidence, the result is a final validated framework which models how cybersecurity operations are operationalized in the enterprise detection & response of leading MSSPs. With emphasis on situation awareness, the framework shows how technology, people and processes either support or engage in the perception, comprehension and projection of situation awareness knowledge in order to make informed decisions. Consequently, the framework takes into account the activities held post-incident to reflect upon the response, which we argue allows for the construction of team situation awareness. Our work contributes to situation awareness theory in the context of cybersecurity operations and incident response by advancing the understanding of the organizational capabilities of MSSPs to develop awareness of the cyber-threat landscape and the broader operational dynamics. By introducing the dynamic framework enhancing situation awareness in cybersecurity SOC—IR we expand on the models of Endsley (1995) and Ahmad et al. (2021) by combining elements of existing work with empirical findings to reflect best practices applied in MSSPs

    Reducing human error in cyber security using the Human Factors Analysis Classification System (HFACS).

    For several decades, researchers have stated that human error is a significant cause of information security breaches, yet it still remains to be a major issue today. Quantifying the effects of security incidents is often a difficult task because studies often understate or overstate the costs involved. Human error has always been a cause of failure in many industries and professions that is overlooked or ignored as an inevitability. The problem with human error is further exacerbated by the fact that the systems that are set up to keep networks secure are managed by humans. There are several causes of a security breach related human error such as poor situational awareness, lack of training, boredom, and lack of risk perception. Part of the problem is that people who usually make great decisions offline make deplorable decisions online due to incorrect assumptions of how computer transactions operate. Human error can be unintentional because of the incorrect execution of a plan (slips/lapses) or from correctly following an inadequate plan (mistakes). Whether intentional or unintentional, errors can lead to vulnerabilities and security breaches. Regardless, humans remain the weak link in the process of interfacing with the machines they operate and in keeping information secure. These errors can have detrimental effects both physically and socially. Hackers exploit these weaknesses to gain unauthorized entry into computer systems. Security errors and violations, however, are not limited to users. Administrators of systems are also at fault. If there is not an adequate level of awareness, many of the security techniques are likely to be misused or misinterpreted by the users rendering adequate security mechanisms useless. Corporations also play a factor in information security loss, because of the reactive management approaches that they use in security incidents. 
Undependable user interfaces can also play a role for the security breaches due to flaws in the design. System design and human interaction both play a role in how often human error occurs particularly when there is a slight mismatch between the system design and the person operating it. One major problem with systems design is that they are designed for simplicity, which can lead a normally conscious person to make bad security decisions. Human error is a complex and elusive security problem that has generally defied creation of a structured and standardized classification scheme. While human error may never be completely eliminated from the tasks they perform, due to poor situational awareness or a lack of adequate training, the first step to make improvements over the status quo is to establish a unified scheme to classify such security errors. With this background, I intend to develop a tool to gather data and apply the Human Factors Analysis and Classification System (HFACS), a tool developed for aviation accidents, to see if there are any latent organizational conditions that led to the error. HFACS analyzes historical data to find common trends that can identify areas that need to be addressed in an organization to the goal of reducing the frequency of the errors

    Employee Awareness on Phishing Threats: A Comparison of Related Frameworks and Models

    Data and sensitive information in the public sector are major targets for cyberattacks. Officials in the public sector have developed a wide range of frameworks, models, and technology to help employees understand the risk of phishing attacks. However, these models haven't been able to meet the total needs of institutions in terms of security. This study reviews the awareness frameworks and models used to increase users' awareness of phishing scams and highlights the problems and drawbacks. Moreover, this study compares the various cybersecurity awareness frameworks and models. The findings show a need to enhance current phishing awareness frameworks and models that can handle phishing attacks in the workplace while also converting them into cybersecurity training input, mainly via a digital learning platform

    Towards an aligned South African National Cybersecurity Policy Framework

    This thesis measured and aligned factors that contribute to the misalignment of the South African National Cybersecurity Policy Framework (SA-NCPF). The exponential growth rate of cyber-attacks and threats has caused more headaches for cybersecurity experts, law enforcement agents, organisations and the global business economy. The emergence of the global Corona Virus Disease-2019 has also contributed to the growth of cyber-attacks and threats thus, requiring concerted efforts from everyone in society to devise appropriate interventions that mitigate unacceptable user behaviour in the reality of cyberspace. In this study, various theories were identified and pooled together into an integrative theoretical framework to provide a better understanding of various aspects of the law-making process more comprehensively. The study identified nine influencing factors that contributed to misalignment of the South African National Cybersecurity Policy Framework. These influencing factors interact with each other continuously producing complex relationships, therefore, it is difficult to measure the degree of influence of each factor, hence the need to look at and measure the relationships as Gestalts. Gestalts view individual interactions between pairs of constructs only as a part of the overall pattern. Therefore, the integrative theoretical framework and Gestalts approach were used to develop a conceptual framework to measure the degree of alignment of influencing factors. This study proposed that the stronger the coherence among the influencing factors, the more aligned the South African National Security Policy Framework. The more coherent the SA-NCPF is perceived, the greater would be the degree of alignment of the country's cybersecurity framework to national, regional and global cyberlaws. Respondents that perceived a strong coherence among the elements also perceived an effective SA-NCPF. Empirically, this proposition was tested using nine constructs. 
Quantitative data was gathered from respondents using a survey. A major contribution of this study was that it was the first attempt in South Africa to measure the alignment of the SA-NCPF using the Gestalts approach as an effective approach for measuring complex relationships. The study developed the integrative theoretical framework which integrates various theories that helped to understand and explain the South African law making process. The study also made a significant methodological contribution by adopting the Cluster-based perspective to distinguish, describe and predict the degree of alignment of the SA-NCPF. There is a dearth of information that suggests that past studies have adopted or attempted to address the challenge of alignment of the SA-NCPF using the cluster-based and Gestalts perspectives. Practical implications from the study include a review of the law-making process, skills development strategy, a paradigm shift to address the global Covid-19 pandemic and sophisticated cybercrimes simultaneously. The study asserted the importance of establishing an independent cybersecurity board comprising courts, legal, cybersecurity experts, academics and law-makers to provide cybersecurity expertise and advice. From the research findings, government and practitioners can draw lessons to review the NCPF to ensure the country develops an effective national cybersecurity strategy. Limitations and recommendations for future research conclude the discussions of this study