Toward an Intelligent Decision Support System for Proactive Security Education, Training & Awareness (SETA) Programs in Organizations

April 3, 2021

This is a PhD dissertation proposal. The proposal must follow the outline below. Included after the outline is an abstract. Additional information will be uploaded later:

1-Introduction: Problem definition/statement, problem significance/motivation, introduction to key concepts, research questions and objectives, scope of study, overview of methods and findings, theoretical and practical significance, structure of the remaining proposal. For Design Science Research, the problem definition and research objectives should specify the goals that are required of the artifact to be developed.

2-Literature Review: Background, prior and related works relevant to the study, including prior design theories and artifacts that have already been developed to solve similar problems, empirical research studies and findings/reports from practice, gaps in extant research that this research seeks to address, and significance.

3-Methodology: Must be Design Science Research (DSR) following (Peffers, K., 2007) and (Hevner, 2004), with an explanation of the approach and why it is best suited for the research.

4-Result/Artifacts Description: A description of the Design Science Research artifacts, which could be Constructs, Models or Methods at the appropriate level of abstraction to make a new contribution to the domain. It should include a description of the process followed to search for and come up with the design artifacts.

5-Evaluation: A description of evidence that the artifact is useful, discussing how the artifact will be evaluated to demonstrate its worth while addressing criteria such as validity, utility, quality, and efficacy.

6-Discussion: Interpretation of the results: what the results mean and how they relate back to the objectives stated in the introduction. Should include a summary of what was learned, comparison with prior work, limitations, theoretical significance, practical significance, implications of the results/findings for research and practice, and areas requiring further work.

7-Conclusion: Concluding paragraph that states the important findings of the research work. Restate the main ideas in the contribution and why they are important.

8-References (as an EndNote or Zotero file)

Below is the abstract.

Information and cyber security education, training and awareness is an important component of any cyber security program. Despite organizations investing a lot of money to close the cybersecurity loophole created by the weakest link in the information security chain, the human being remains the weakest link in the chain. With the changing threat landscape, threat actors are continuously coming up with various unique, new, advanced, persistent and innovative ways that specifically target humans within an organization to increase the chances that cybersecurity incidents succeed. Yet Security Education Training and Awareness (SETA) needs in most organizations are not informed by quality data & analytics. Instead, they are decided subjectively by the manager of cyber services, or a designated individual in that capacity, who uses a reactive approach of haphazardly recommending and assigning annual training or creating awareness for employees based on job function, position/hierarchy, responsibilities, security breach reports, and/or cybersecurity incident After Action Reports (AAR), thereby playing catch-up. There is a need to change the widely used current approach to SETA in order to close the human factor gap used to exploit organizations via security breaches, optimize the organization's investment in SETA programs, and make it proactive.

Using the Theory of Reasoned Action (TRA), Protection Motivation Theory (PMT), Decision Theory and User Behavior Analysis (UBA) as its theoretical basis, and the Design Science Research methodology, this research proposes an intelligent framework for proactively identifying cybersecurity training & awareness needs in an organization. The framework is based on predictive analytics performed on all the organization's data from different sources, especially the User Behavior Analysis (UBA) data from Security Incident and Events Management (SIEM) tools or other event log data. It determines the likelihood that a user could be susceptible to cyber-attack within the next few months and proactively recommends appropriate education, training and awareness, in line with the CERT Resilience Management Model [Caralli 2011] and other relevant models, to improve user behavior and reduce the likelihood of susceptibility to a security breach. The framework facilitates relevant, real-time, data-driven continuous awareness/continuous training (CA/CT) for users within the organization. Lastly, the framework is validated experimentally by deploying an intelligent model to find out whether there is an increase or decrease in human-caused cybersecurity breaches for similar incidents, organization size and structure, etc.