Abstract
The shortage of information-security workers is a problem. Appropriate mental models are considered important to encourage learners to appropriately plan, understand, and act on security measures. We aim to create materials to help security staff members acquire the right mental model in their learning and improve the learning effect. To create such materials, it is important to investigate the current mental model of the staff, how the model changes through learning, and its impact on the learning efficiency.
A preliminary experiment was conducted on individuals who had not received such education and individuals who had participated in security-related work for a few to several years. The participants self-studied both standard and revised materials on information security measures, and we conducted tests and semi-structured interviews to examine the changes in their performance and confidence as well as the changes to their mental models before and after self-learning.
Four mental models were identified during the experiment: role-based, timeline/phase-based, framework-based, and unstructured models. After learning, we identified examples of participants with security-related work experience changing to a framework-based model, and examples of participants with no security education acquiring a role-based model. Instances in which the model did not change were also noted. The test scores and degree of confidence of both groups improved after the self-learning, and, although the sample size was small, a significant difference was shown for questions regarding which security measures contribute to which security function.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Ozaki, S., Furukawa, H. (2021). Study on the Impact of Learning About Information Security Measures on Mental Models: Applying Cybersecurity Frameworks to Self-learning Materials. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2021. Lecture Notes in Computer Science, vol 12788. Springer, Cham. https://doi.org/10.1007/978-3-030-77392-2_29
DOI: https://doi.org/10.1007/978-3-030-77392-2_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-77391-5
Online ISBN: 978-3-030-77392-2
eBook Packages: Computer Science (R0)