Linda Kostic, Past President of ISACA GWDC, is a doctoral learner at Capella University in the School of Business and Technology is seeking information security subject matter experts to participate in a research study.  The purpose of this research study is to aggregate information security awareness techniques, obtained from the research participants, which will reduce data breaches caused by social engineering attacks.  Participants will be contributing to the information security profession by customizing existing frameworks, NIST 800-50 as an example, with actionable techniques that will be compiled into an information security awareness technique model that will be shared with all participants. 

 

Research participants will be asked to fully complete a SurveyMonkey open-ended questionnaire that may result in up to three participation rounds.  It is anticipated that the first round of questions will take approximately thirty (30) minutes to complete, depending on the extent of information security awareness techniques employed within your organization.  If necessary, it is anticipated that the time commitment for each additional survey will be about fifteen (15) minutes each, depending on the number of follow up questions.

 

All participants who actively participate through all questionnaire rounds will receive one (1) CPE certificate and a copy of the research study results.  The research results will contain an information security awareness model that may provide new techniques for the participant to implement at their firm, agency, or client environment.

 

Participants must meet the following professional background criteria in order to participate in this research:

• Currently or recently (last five years) developed, reviewed, consulted, executed, and/or participated in information security awareness techniques, such as practice phishing emails and periodic information security awareness training curriculum; and,
• Have three or more years of information security and/or information security awareness experience.

 

Participants who meet the professional background and opt to participate, will answer the following four research questions within a Survey Monkey survey.

1. List all the information security awareness techniques, including any software tools and training that you have researched or employed at your organization or client’s business environment. Include the execution frequency for each information security awareness technique/software tool/training (daily, weekly, monthly, quarterly, or yearly).
2. In your opinion, describe which information security awareness techniques/software tool/training are effective and why those methods are effective.
3. Describe how information security awareness techniques and tools effectiveness are measured. Include the consequences for non-compliance identified through techniques and software tools.
4. Describe what you would like to see in your information security awareness training that you do not have today.

 

If you are interested in participating in this research study, please send the following information to Linda Kostic at lkostic@capellauniversity.edu:

Participant Name

Participant Email Address

Years of Information Security Experience

Years of Information Security Awareness Experience