Presentation Type

Poster Presentation

Mentor/Supervising Professor Name

Alférez, Harvey

Abstract (Description of Research)

Universities face a common cybersecurity threat: their own users. Although organizations may meet compliance standards and implement robust security infrastructures, the individual user remains the weakest link. This is particularly evident in higher education institutions, where both students and employees are frequent targets of cyber threats due to a lack of cybersecurity awareness. This paper proposes a strategic roadmap for assessing university student bodies and employee populations through cybersecurity domains that directly affect personal cyber hygiene awareness and practice.

Our proposed roadmap was validated at a U.S. university using a domain-focused survey and simulated phishing campaigns. After identifying the university's strengths and weaknesses in cyber hygiene practice, we deployed an awareness initiative, different from traditional cybersecurity training videos, to educate users who failed a simulated phishing email.

After the final simulated phishing campaign, the results revealed a 25% improvement in cyber hygiene practice in email security among the student body.


A Strategic Roadmap for Assessing and Educating on Personal Cybersecurity Practices in Universities*
