Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges

Organizational information system users (OISU) that are victimized by cyber threats are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, it has been argued that cybersecurity competency is critical for advancing economic prosperity and maintaining national security. The fact remains that technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. All OISUs, from accountants to cybersecurity forensics experts, can place organizational assets at risk. However, that risk is increased when OISUs do not have the cybersecurity competency necessary for operating an information system (IS). The main goal of this research study was to propose and validate, using subject matter experts (SME), a reliable hands-on prototype assessment tool for measuring the cybersecurity competency of an OISU. To perform this assessment, SMEs validated the critical knowledge, skills, and abilities (KSA) that comprise the cybersecurity competency of OISUs. Primarily using the Delphi approach, this study implemented four phases of data collection using cybersecurity SMEs for proposing and validating OISU: KSAs, KSA measures, KSA measure weights, and cybersecurity competency threshold. A fifth phase of data collection occurred measuring the cybersecurity competency of 54 participants. Phase 1 of this study performed five semi-structured SME interviews before using the Delphi method and anonymous online surveys of 30 cybersecurity SMEs to validate OISU cybersecurity KSAs found in literature and United States government (USG) documents. The results of Phase 1 proposed and validated three OISU cybersecurity abilities, 23 OISU cybersecurity knowledge units (KU), and 22 OISU cybersecurity skill areas (SA). In Phase 2, two rounds of the Delphi method with anonymous online surveys of 15 SMEs were used to propose and validate OISU cybersecurity KSA measures. The results of Phase 2 proposed and validated 90 KSA measures for 47 knowledge topics (KT) and 43 skill tasks (ST). In Phase 3, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate OISU cybersecurity KSA weights. The results of Phase 3 proposed and validated the weights for four knowledge categories (KC) and four skill categories (SC). When Phase 3 was completed, the MyCyberKSAsTM prototype assessment tool was developed using the results of Phases 1-3, and Phase 4 was initiated. In Phase 4, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate an OISU cybersecurity competency threshold (index score) of 80%, which was then integrated into the MyCyberKSAsTM prototype tool. Before initiating Phase 5, the MyCyberKSAsTM prototype tool was fully tested by 10 independent testers to verify the accuracy of data recording by the tool. After testing of the MyCyberKSAsTM prototype tool was completed, Phase 5 of this study was initiated. Phase 5 of this study measured the cybersecurity competency of 54 OISUs using the MyCyberKSAsTM prototype tool. Upon completion of Phase 5, data analysis of the cybersecurity competency results of the 54 OISUs was conducted. Data analysis was conducted in Phase 5 by computing levels of dispersion and one-way analysis of variance (ANOVA). The results of the ANOVA data analysis from Phase 5 revealed that annual cybersecurity training and job function are significant, showing differences in OISU cybersecurity competency. Additionally, ANOVA data analysis from Phase 5 showed that age, cybersecurity certification, gender, and time with company were not significant thus showing no difference in OISU cybersecurity competency. The results of this research study were validated by SMEs as well as the MyCyberKSAsTM prototype tool; and proved that the tool is capable of assessing the cybersecurity competency of an OISU. The ability for organizations to measure the cybersecurity competency of OISUs is critical to lowering risks that could be exploited by cyber threats. Moreover, the ability for organizations to continually measure the cybersecurity competency of OISUs is critical for assessing workforce susceptibility to emerging cyber threats. Furthermore, the ability for organizations to measure the cybersecurity competency of OISUs allows organizations to identify specific weaknesses of OISUs that may require additional training or supervision, thus lowering risks of being exploited by cyber threats

A Developmental Study on Assessing the Cybersecurity Competency of Organizational Information System Users

Organizational information system users (OISUs) that are open to cyber threats vectors are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. The main goal of this research study was to propose and validate, using subject matter experts (SMEs), a reliable hands-on assessment prototype tool for measuring the knowledge, skills, and abilities (KSAs) that comprise the cybersecurity competency of an OISU. Primarily using the Delphi methodology, this study implemented four phases of data collection using cybersecurity SMEs for proposing and validating OISU: (a) KSAs, (b) KSA measures, (c) KSA measure weights, and (d) cybersecurity competency threshold. A fifth phase of data collection occurred measuring the cybersecurity competency of 54 participants. Phase 1 proposed and validated three OISU cybersecurity abilities, 23 OISU cybersecurity knowledge units (KU), and 22 OISU cybersecurity skill areas (SA). Phase 2 proposed and validated 90 KSA measures for 47 knowledge topics (KT) and 43 skill tasks (ST). Phase 3 proposed and validated the weights for four knowledge categories (KC) and four skill categories (SC). Phase 4 proposed and validated an OISU cybersecurity competency threshold (index score) of 80%. Phase 5 of this study measured the cybersecurity competency of 54 OISUs using the MyCyberKSAsTM prototype cybersecurity competency assessment tool. Phase 5 conducted data analysis by computing levels of dispersion and one-way analysis of variance (ANOVA), which indicated that annual cybersecurity training and job function are significant, providing evidences for significant differences in OISU cybersecurity competency

The Nordic Seas carbon budget: Sources, sinks, and uncertainties

A carbon budget for the Nordic Seas is derived by combining recent inorganic carbon data from the CARINA database with relevant volume transports. Values of organic carbon in the Nordic Seas' water masses, the amount of carbon input from river runoff, and the removal through sediment burial are taken from the literature. The largest source of carbon to the Nordic Seas is the Atlantic Water that enters the area across the Greenland-Scotland Ridge; this is in particular true for the anthropogenic CO2. The dense overflows into the deep North Atlantic are the main sinks of carbon from the Nordic Seas. The budget show that presently 12.3 ± 1.4 Gt C yr−1 is transported into the Nordic Seas and that 12.5 ± 0.9 Gt C yr−1 is transported out, resulting in a net advective carbon transport out of the Nordic Seas of 0.17 ± 0.06 Gt C yr−1. Taking storage into account, this implies a net air-to-sea CO2 transfer of 0.19 ± 0.06 Gt C yr−1 into the Nordic Seas. The horizontal transport of carbon through the Nordic Seas is thus approximately two orders of magnitude larger than the CO2 uptake from the atmosphere. No difference in CO2 uptake was found between 2002 and the preindustrial period, but the net advective export of carbon from the Nordic Seas is smaller at present due to the accumulation of anthropogenic CO2

Erenumab in chronic migraine: Patient-reported outcomes in a randomized double-blind study.

OBJECTIVE: To determine the effect of erenumab, a human monoclonal antibody targeting the calcitonin gene-related peptide receptor, on health-related quality of life (HRQoL), headache impact, and disability in patients with chronic migraine (CM). METHODS: In this double-blind, placebo-controlled study, 667 adults with CM were randomized (3:2:2) to placebo or erenumab (70 or 140 mg monthly). Exploratory endpoints included migraine-specific HRQoL (Migraine-Specific Quality-of-Life Questionnaire [MSQ]), headache impact (Headache Impact Test-6 [HIT-6]), migraine-related disability (Migraine Disability Assessment [MIDAS] test), and pain interference (Patient-Reported Outcomes Measurement Information System [PROMIS] Pain Interference Scale short form 6b). RESULTS: Improvements were observed for all endpoints in both erenumab groups at month 3, with greater changes relative to placebo observed at month 1 for many outcomes. All 3 MSQ domains were improved from baseline with treatment differences for both doses exceeding minimally important differences established for MSQ-role function-restrictive (≥3.2) and MSQ-emotional functioning (≥7.5) and for MSQ-role function-preventive (≥4.5) for erenumab 140 mg. Changes from baseline in HIT-6 scores at month 3 were -5.6 for both doses vs -3.1 for placebo. MIDAS scores at month 3 improved by -19.4 days for 70 mg and -19.8 days for 140 mg vs -7.5 days for placebo. Individual-level minimally important difference was achieved by larger proportions of erenumab-treated participants than placebo for all MSQ domains and HIT-6. Lower proportions of erenumab-treated participants had MIDAS scores of severe (≥21) or very severe (≥41) or PROMIS scores ≥60 at month 3. CONCLUSIONS: Erenumab-treated patients with CM experienced clinically relevant improvements across a broad range of patient-reported outcomes. CLINICALTRIALSGOV IDENTIFIER: NCT02066415. CLASSIFICATION OF EVIDENCE: This study provides Class II evidence that for patients with CM, erenumab treatment improves HRQoL, headache impact, and disability

Finding the Balance Between Guidance and Independence in Cybersecurity Exercises

Abstract In order to accomplish cyber security tasks, one needs to know how to analyze complex data and when and how to use tools. Many hands-on exercises for cybersecurity courses have been developed to teach these skills. There is a spectrum of ways that these exercises can be taught. On one end of the spectrum are prescriptive exercises, in which students follow step-by-step instructions to run scripted exploits, perform penetration testing, do security audits, etc. On the other end of the spectrum are open-ended exercises and capture-the-flag activities, where little guidance is given on how to proceed. This paper reports on our experience with trying to find a balance between these extremes in the context of one of the suite of cybersecurity exercises that we have developed in the EDURange framework 1 . The particular exercise that we present teaches students about dynamic analysis of binaries using strace. We have found that students are most successful in these exercises when they are given the right amount of prerequisite knowledge and guidance as well as some opportunity to find creative solutions. Our scenarios are specifically designed to develop analysis skills and the security mindset in students and to complement the theoretical aspects of the discipline and develop practical skills

Progesterone Receptors: Form and Function in Brain

Emerging data indicate that progesterone has multiple non-reproductive functions in the central nervous system to regulate cognition, mood, inflammation, mitochondrial function, neurogenesis and regeneration, myelination and recovery from traumatic brain injury. Progesterone-regulated neural responses are mediated by an array of progesterone receptors (PR) that include the classic nuclear PRA and PRB receptors and splice variants of each, the seven transmembrane domain 7TMPRβ and the membrane-associated 25-Dx PR (PGRMC1). These PRs induce classic regulation of gene expression while also transducing signaling cascades that originate at the cell membrane and ultimately activate transcription factors. Remarkably, PRs are broadly expressed throughout the brain and can be detected in every neural cell type. The distribution of PRs beyond hypothalamic borders, suggests a much broader role of progesterone in regulating neural function. Despite the large body of evidence regarding progesterone regulation of reproductive behaviors and estrogen-inducible responses as well as effects of progesterone metabolite neurosteroids, much remains to be discovered regarding the functional outcomes resulting from activation of the complex array of PRs in brain by gonadally and/or glial derived progesterone. Moreover, the impact of clinically used progestogens and developing selective PR modulators for targeted outcomes in brain is a critical avenue of investigation as the non-reproductive functions of PRs have far-reaching implications for hormone therapy to maintain neurological health and function throughout menopausal aging

The Structure of Climate Variability Across Scales

One of the most intriguing facets of the climate system is that it exhibits variability across all temporal and spatial scales; pronounced examples are temperature and precipitation. The structure of this variability, however, is not arbitrary. Over certain spatial and temporal ranges it can be described by scaling relationships in the form of power‐laws in probability density distributions and autocorrelation functions. These scaling relationships can be quantified by scaling exponents which measure how the variability changes across scales and how the intensity changes with frequency of occurrence. Scaling determines the relative magnitudes and persistence of natural climate fluctuations. Here, we review various scaling mechanisms and their relevance for the climate system. We show observational evidence of scaling and discuss the application of scaling properties and methods in trend detection, climate sensitivity analyses, and climate predictio

Assessment of the risk to Norwegian biodiversity from import and keeping of American bison, European bison, domesticated water buffalo and domesticated yak.Scientific Opinion of the Panel on Alien Organisms and Trade in Endangered Species of the Norwegian Scientific Committee for Food and Environment

publishedVersio