Automating the Communication of Cybersecurity Knowledge: Multi-Case Study

Cybersecurity is essential for the protection of companies against cyber threats. Traditionally, cybersecurity experts assess and improve a company's capabilities. However, many small and medium-sized businesses (SMBs) consider such services not to be affordable. We explore an alternative do-it-yourself (DIY) approach to bringing cybersecurity to SMBs. Our method and tool, CYSEC, implements the Self-Determination Theory (SDT) to guide and motivate SMBs to adopt good cybersecurity practices. CYSEC uses assessment questions and recommendations to communicate cybersecurity knowledge to the end-user SMBs and encourage self-motivated change. In this paper, the operationalisation of SDT in CYSEC is presented and the results of a multi-case study shown that offer insight into how SMBs adopted cybersecurity practices with CYSEC. Effective automated cybersecurity communication depended on the SMB's hands-on skills, tools adaptedness, and the users' willingness to documenting confidential information. The SMBs wanted to learn in simple, incremental steps, allowing them to understand what they do. An SMB's motivation to improve security depended on the fitness of assessment questions and recommendations with the SMB's business model and IT infrastructure. The results of this study indicate that automated counselling can help many SMBs in security adoption. The final publication is available at Springer via https://link.springer.com/chapter/10.1007%2F978-3-030-59291-2_8Comment: 14 pages, 1 figure, 13th World Conference on Information Security Educatio

Energy policy under austerity localism: what role for local authorities?

In the UK, local authorities (LAs) have been placed at the forefront of domestic energy-reduction strategies as the responsible actors for coordinating policy in this sector. Yet, there has been little research regarding the role of LAs in this policy agenda, and their abilities to bring together stakeholders in the successful design and implementation of strategies to reduce energy demands. The paper aims to fill this gap by highlighting the relevance and importance of the energy policy sphere to local government studies, building on the idea of resilient LAs within the context of tensions between the localism agenda and the actual implementation of energy efficiency polices. This is achieved through multiple rounds of semi-structured interviews with LA officers. Our findings reveal that LAs, operating under a localism agenda, lack the freedoms and resources from central government to meet the needs of multiple stakeholders, resorting to short-term policies

In a world of their own: working on the move

The traditional model of white collar workers inhabiting offices to carry out their tasks is no longer valid in the 21st century. Many employees now carry information with them and work while travelling, in hotels and at home. This is a relatively recent development, however, and since the information they carry with them is often sensitive, we have to consider how this new model impacts on the security of the organisation’s now distributed and potentially unsecured information. Whereas previously employees could relax within the company’s office space, they now cannot let their guard down since they are surrounded by strangers who are not bound by the same loyalties or employment contracts. How aware are mobile workers of the risks of mobile working? Situational Awareness is a concept that has been well known since its role in the development in aircraft design following World War One. It continues to inform studies on the use of mobile phones in cars and the role of distraction in pedestrian accidents. This paper reports on research into leakage of sensitive business information that results from inattention to the risk of working in public places, while on the move