Study on the Impact of Learning About Information Security Measures on Mental Models: Applying Cybersecurity Frameworks to Self-learning Materials

  • Conference paper
HCI for Cybersecurity, Privacy and Trust (HCII 2021)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12788)

Abstract

The shortage of information-security workers is a problem. Appropriate mental models are considered important to encourage learners to appropriately plan, understand, and act on security measures. We aim to create materials to help security staff members acquire the right mental model in their learning and improve the learning effect. To create such materials, it is important to investigate the current mental model of the staff, how the model changes through learning, and its impact on the learning efficiency.

A preliminary experiment was conducted on individuals who had not received such education and individuals who had participated in security-related work for a few to several years. The participants self-studied both standard and revised materials on information security measures, and we conducted tests and semi-structured interviews to examine the changes in their performance and confidence as well as the changes to their mental models before and after self-learning.

Four mental models were identified during the experiment: role-based, timeline/phase-based, framework-based, and unstructured models. After learning, for those with security-related work experience, we identified examples of changing to a framework-based model, and for groups with no security education, we identified examples of acquiring a role-based model. Instances when the model did not change were also noted. The test scores and degree of confidence of both groups improved after the self-learning, and a significant difference was shown for questions regarding which security measures contribute to which security function, based on a small sample size.

Corresponding author

Correspondence to Satoshi Ozaki.

Appendix

Table 7. Table of mapping between the categories and sessions of the standard material.
Table 8. Questions and answer options of pre- and post-questionnaires
Table 9. Pre- and post-test questions
Table 10. 37 questions added from the second phase of the experiment in post-test.
Table 11. Pre- and post-test questions
Table 12. Coding result

© 2021 Springer Nature Switzerland AG

Cite this paper

Ozaki, S., Furukawa, H. (2021). Study on the Impact of Learning About Information Security Measures on Mental Models: Applying Cybersecurity Frameworks to Self-learning Materials. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2021. Lecture Notes in Computer Science, vol 12788. Springer, Cham. https://doi.org/10.1007/978-3-030-77392-2_29

  • DOI: https://doi.org/10.1007/978-3-030-77392-2_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77391-5

  • Online ISBN: 978-3-030-77392-2

  • eBook Packages: Computer Science (R0)
