In an increasingly digitalized world, companies face the constant challenge of securing their IT systems against cyber threats. Given the rising number of cyberattacks and the growing interconnectedness of devices, it is becoming increasingly important to develop effective measures to raise IT security awareness among employees. This paper addresses the question of how the most common security-awareness training methods can be adapted to the different learning styles and needs of various employee groups in order to improve awareness and competence in dealing with cybersecurity challenges.

The paper is divided into several main sections. First, various definitions and terms related to cybersecurity are explained. This is followed by a detailed examination of different learning styles, based on established models such as the VARK system by Mills and Neil as well as David Kolb's learning cycle. Subsequently, the most common methods for designing cybersecurity training programs are analyzed, and long-term strategies for maintaining IT security awareness are explained. This includes a closer look at a cybersecurity strategy process, the challenges faced by companies, and literature-based recommendations. The empirical part of the paper includes a qualitative survey based on expert interviews to investigate and evaluate the methods applied in practice. Experts from various areas of IT security were interviewed to gain a comprehensive picture of current training strategies and methods.

The results of the study show that the adaptation of training measures to the individual learning styles of employees is currently being implemented in small to medium-sized companies, but not in large corporations due to the hygiene factor. Furthermore, it was found that companies rely on different methods to deliver the learning content. Common measures include informational materials, digital communication, training sessions, as well as simulation and interaction methods. Visual and interactive approaches, such as videos and phishing simulations, as well as presentations that include real experiences from actual cybersecurity incidents, are perceived as particularly effective by both employees and experts. For the future, customized training content tailored to individual employees is planned.

| Date of Award | 2024 |
|---|---|
| Original language | German (Austria) |
| Supervisor | Dietmar Nedbal (Supervisor) |

Cybersecurity-Bewusstsein in Unternehmen: Eine Analyse der Gestaltungsmethoden von Security-Awareness Trainings
Ortbauer, M. (Author). 2024
Student thesis: Bachelor's Thesis