Published: July 26, 2023
Author(s)
Lorenzo Neil (North Carolina State University), Julie Haney (NIST), Kerrianne Buchanan (NIST), Charlotte Healy (University of Maryland)
Conference
Name: IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2023)
Dates: 07/04/2023 - 07/06/2023
Location: Kent, United Kingdom
Citation: Human Aspects of Information Security and Assurance, vol. 674, pp. 391-404
Current definitions of cybersecurity are not standardized and are often targeted towards cybersecurity experts and academics. There has been little evaluation about the appropriateness and understandability of these definitions for non-experts (individuals without cybersecurity expertise). This poses a challenge for practitioners and researchers when trying to communicate the meaning and importance of cybersecurity to non-experts. We take an initial step towards addressing this challenge by building a corpus of cybersecurity definitions likely to be encountered by non-experts, unlike prior efforts that only consider definitions from authoritative sources. We observed several issues that may impede non-experts’ understanding, including cybersecurity definitions: being inconsistent in describing what cybersecurity is and does; often using overly-technical terminology; and varying greatly in the components of cybersecurity (e.g., objects of protection, who is responsible, threats) included in the definitions. Our findings illustrate the full landscape of cybersecurity definitions and provide a basis for investigating which definitions and terminology may be best for non-experts.
Keywords
cybersecurity; definitions; non-experts
Control Families
None selected