Cybersecurity Awareness (Advances in Information Security, 88)

Preface
Acknowledgment
Contents
List of Contributors
Chapter 1: A Case for Cybersecurity Awareness Systems
	1.1 Introduction
	1.2 The Cybersecurity Landscape
	1.3 The State-of-the-Art in Cybersecurity Practice
		1.3.1 Technological
		1.3.2 Organisational
		1.3.3 National, European and Global Cybersecurity Efforts
	1.4 European Union Legislation Driving a Paradigm Shift
	1.5 Cybersecurity Requirements for LPAs
	1.6 Cybersecurity Awareness in the Context of an LPA
	1.7 Summary and Outlook
	References
Chapter 2: The Socio-Technical Approach to Cybersecurity Awareness
	2.1 Introduction
	2.2 Introducing the Concept of Socio-Technical Systems
		2.2.1 Socio-Technical Systems and Soft Systems Design
		2.2.2 Soft Systems Methodology
	2.3 SSM in Action: The CS-AWARE Approach
		2.3.1 A Practical Guide to the CS-AWARE Analysis Approach
			2.3.1.1 Structural Analysis: Understanding the Socio-Technical System in Terms of Assets and Dependencies
			2.3.1.2 Business Process and Information Flow Analysis
			2.3.1.3 System Behaviour Analysis
		2.3.2 Examples from the CS-AWARE Pilot Use Cases
	2.4 Outcomes and Conclusions
	References
Chapter 3: Story Telling
	3.1 Introduction
	3.2 About Collaborative Story Telling
	3.3 Workshop 1
		3.3.1 Workshop I: Procedure
		3.3.2 Workshop I: The Stories
		3.3.3 Workshop I: Analysis
			3.3.3.1 The Service-User Activity System
			3.3.3.2 The IT-Department Activity System
	3.4 Workshop 2
		3.4.1 Workshop 2: Procedure
		3.4.2 Workshop 2: The Stories
		3.4.3 Workshop 2: Analysis
			3.4.3.1 The Service-User Activity System
			3.4.3.2 The IT-Department Activity System
	3.5 Main Conclusion
	References
Chapter 4: The Design of CS-AWARE Technology
	4.1 Introduction
	4.2 The CS-AWARE System Architecture
		4.2.1 Description of the Main Components
			4.2.1.1 System and Dependency Analysis
			4.2.1.2 Data Collection and Storage
			4.2.1.3 Data Analysis
			4.2.1.4 Multi-Lingual Semantics Support
			4.2.1.5 Data Visualisation
			4.2.1.6 Cybersecurity Information Exchange
			4.2.1.7 Self-Healing
		4.2.2 The CS-AWARE Framework
	4.3 Development and Integration
		4.3.1 Existing Components Adaptation
		4.3.2 Planning the Components’ Integration
		4.3.3 Integration Challenges
	4.4 Interface Design for Increased Awareness
		4.4.1 Initial Thoughts on Conveying Cybersecurity Awareness to the User
		4.4.2 The Evolution of the Interface According to User Feedback
	4.5 Conclusions
	References
Chapter 5: Deployment and Validation of the CS-AWARE Solution at Two Pilot Sites: A Combined Agile Software Development and Design-Based Research Approach
	5.1 Introduction
	5.2 Establishing the Socio-Technical Context
	5.3 The Deployment Scenario
	5.4 Validation Methods
		5.4.1 Requirements, KPIs, Questionnaires
			5.4.1.1 Level 1: Technical
			5.4.1.2 Level 2: Usability
			5.4.1.3 Level 3: Awareness
			5.4.1.4 Level 4: Organisation
		5.4.2 Qualitative Instruments and Procedures
	5.5 Deployment and Evaluation Outcomes in Cycle 1
		5.5.1 Deployment Activity in Cycle 1
		5.5.2 Technical Validation during Cycle 1
		5.5.3 Usability Testing in Cycle 1
		5.5.4 Awareness Outcomes for Cycle 1
			5.5.4.1 Awareness Requirements, Baseline Level
			5.5.4.2 Qualitative Interpretation of Awareness
		5.5.5 Conclusions of Evaluation of Cycle 1
	5.6 Deployment and Validation Outcomes for Cycle 2
		5.6.1 Deployment Activities in Cycle 2
		5.6.2 Validation Outcomes in Cycle 2
			5.6.2.1 Technical Validation in Cycle 2
			5.6.2.2 Usability Testing and Questionnaires in Cycle 2
			5.6.2.3 Awareness in Cycle 2
			5.6.2.4 The Organization Level in Cycle 2
		5.6.3 Conclusions of Evaluation of Cycle 2
	5.7 Deployment and Validation in Cycle 3
		5.7.1 Validation of Technology in Cycle 3
		5.7.2 Evaluation of Usability in Cycle 3
		5.7.3 Evaluation of Awareness in Cycle 3
		5.7.4 Evaluation of the Organizational Level in Cycle 3
		5.7.5 Conclusions After the Evaluation of Cycle 3
	5.8 Final Conclusions of Piloting
		5.8.1 To What Extent Is the Technical Implementation of Cs-Aware Effective?
		5.8.2 To What Extent Is the Cs-Aware System Usable by Expected Target Users?
		5.8.3 To What Extent Is the Awareness of Users Affected by Discussing and Using the System during Deployment?
		5.8.4 To What Extent Does Using the Cs-Aware System Have Impact on Cybersecurity Awareness at the Organisational Level?
	References
Chapter 6: Cybersecurity Awareness in Rome and Larissa: Before, During and After CS-AWARE
	6.1 Introduction
	6.2 How the Chapter Was Written
	6.3 The Experience in Larissa
	6.4 Added Complexity for Rome
	6.5 Cybersecurity Awareness in Rome and Larissa Before the Project
	6.6 Expectations of Using CS-AWARE in Rome and Larissa
	6.7 Outcomes
		6.7.1 Increased Reflection
		6.7.2 Increased Understanding of the Internal Organization
		6.7.3 Teambuilding and Internal Collaboration
		6.7.4 Collaboration with Academics
	6.8 Perspectives for the Future
	6.9 Aftermath
Chapter 7: Marketing a cybersecurity Awareness Solution in LPA Contexts
	7.1 Introduction
	7.2 The Case of Italian Municipalities
	7.3 Marketing Strategies
		7.3.1 Building Credibility and Trust by Creating Comprehensive and Data-Driven Content
		7.3.2 Metrics of Usage
			7.3.2.1 Consumption Metrics
			7.3.2.2 Sharing Metrics
			7.3.2.3 Lead Generation Metrics
			7.3.2.4 Sales Metrics
		7.3.3 Email Marketing
		7.3.4 Try to Educate Your “Bottom-of-the-Funnel” Leads with Interactive Sessions
		7.3.5 Up Your Content Strategy Using Paid Campaigns
		7.3.6 Identify the Decision Makers Who Does What?
		7.3.7 Focus on Topics Relevant to the Range of Vertical Services Involved
	7.4 Closing Comments
	References
Chapter 8: Can CS-AWARE be Adapted to the Needs of Different User Groups?
	8.1 Introduction
	8.2 Concepts and Requirements
		8.2.1 Supporting Concepts
			8.2.1.1 Collaboration & Communication
			8.2.1.2 Multi-Stakeholder Involvement
			8.2.1.3 Multi-Stakeholder Visualization
			8.2.1.4 Situational Awareness
		8.2.2 Functional Requirements
		8.2.3 Visual Design Requirements
	8.3 System Architecture
		8.3.1 System Overview
		8.3.2 Data Collection and Information Sharing
		8.3.3 Data Processing
		8.3.4 Explorative Data Visualization
		8.3.5 Communication & Collaboration
	8.4 Prototype & Evaluation
		8.4.1 Implementation
			8.4.1.1 Prototype System Overview
			8.4.1.2 Design
			8.4.1.3 Functionality
		8.4.2 Evaluation
			8.4.2.1 Participants
			8.4.2.2 UI/UX Test
			8.4.2.3 Qualitative Analysis
			8.4.2.4 Quantitative Analysis
	8.5 Conclusions
	References
Chapter 9: Other Applications for Cybersecurity Awareness
	9.1 The CS-AWARE Approach
	9.2 Knowledge Management
	9.3 Better Cybersecurity Cooperation and Collaboration Between Different Organisations
	9.4 Smart City Applications
	9.5 e-Democracy and e-Governance in the EU Due to COVID-19
	9.6 Managing Cross-Sector and Cross-Border Dependencies in the European Critical Infrastructure Context
	9.7 Autonomous Collaborative Robots: UAV, UGV, Water Vessels Heavy Duty Machines
	9.8 Conclusion
	References