The Way to the Specialist and Management Level of Cyber Hygiene Initiative

Christian Tschida
The Way to the Specialist and Management Level of Cyber Hygiene Initiative Abstract: Cybercrime and state sponsored espionage is still growing rapidly. The number of affected organizations increases day by day. Some know that they are effected, some still do not know. The user is a main factor in cyber security incidents. No two humans are the same (e.g. fingerprints, skill, knowledge, attitude). The behaviour of humans is influenced by various factors. The goal of the Cyber Hygiene Initiative is to adopt internal guidelines for comprising the best behavioural principles for cyber hygiene, as well as to create an e-learning platform, where these guidelines get implemented. The prototype, of the Cyber Hygiene e-learning course was implemented and tested in the Estonian Defence Forces in early 2016. This thesis builds up on this. It tries to clarify what data should be available to the specialists and what information should be reported to the management. This shall help to create the specialist and management level of the Initiative. The methodological foundation of the elearning course was well laid with other theses. This thesis introduces the methodology and shows the results, what kind of data and reporting should be implemented on the specialist- and management-level. Decision makers and managers have now an Executive summary available, to take specialists view into account and to implement proper reporting. Additional to many interviews with specialists and security experts, a questionnaire was created to raise coverage. The testing of the questionnaire was done at an international well known think tank. Results from the interviews and the survey indicated that the methodology proves to be valid for improving reporting and should help with implementation. The developed methodology and questions will be further considered at CybExer Technologies, a joint venture of BHC Lab and bytelife, who contracted with EDA for a period of 3 years at the end of 2016 to further improve the programme and include the specialist- and management- level. Keywords: Cyber Hygiene Initiative, e-learning, specialist, expert, management, reporting CERCS: P170 Computer science, numerical analysis, systems, control
Graduation Thesis language
Graduation Thesis type
Master - Cyber Security
Sten Mäses, Raimundas Matulevičius
Defence year