Organizational cybersecurity awareness (hereafter shortened to “security awareness”) programs may experience a number of challenges, including lack of funding and staff with the appropriate knowledge and skills to manage an effective program. While prior surveys and research have examined programs in the private sector, there is little understanding of whether these findings also apply within the U.S. government. To address this gap and better understand the needs, challenges, practices, and necessary competencies of federal security awareness teams and programs, NIST conducted a research study that leveraged both qualitative and quantitative methodologies. This companion document to NISTIR 8420 “Federal Cybersecurity Awareness Programs: A Mixed Methods Research Study” reports on a subset of study results focused on identifying the current job classifications, roles, and desired knowledge and skills for security awareness professionals within the federal government. Insights gained from these results are informing guidance and other initiatives to aid federal organizations in building security awareness teams with the appropriate competencies. While focused on the U.S. government, findings may also have implications for organizational security awareness professionals in other sectors.