ABSTRACT

Any modern cybersecurity strategy relies upon IT managers who are experts in their field, who are willing to employ best practices, and who educate their users. Large corporations have developed an intrinsic understanding of these factors. However, large corporations are comprised of departmental units that are not always considered in the organization’s cybersecurity profile. This is particularly true at colleges and universities where IT managers who are not affiliated with the central IT department sometimes employ their own security strategies. This article describes a study that surveyed 161 IT managers to determine their perceptions of their cybersecurity readiness. The model described in this study is the Practice and Awareness Cybersecurity Readiness Model (PACRM). The survey instrument was developed and validated, then tested using path analysis. Eleven of twenty-six relationships were found to be significant. This model offers a step forward in understanding top-to-bottom cybersecurity readiness in the modern threat environment.

摘要

任何现代网络安全策略都依赖于在其领域内是专家、愿意采用最佳实践并教育用户的 IT 经理。大公司已经对这些因素有了内在的理解。然而，大型公司由部门单位组成，这些部门并不总是被考虑在组织的网络安全配置文件中。在不隶属于中央 IT 部门的 IT 经理有时会采用自己的安全策略的学院和大学中尤其如此。本文介绍了一项研究，该研究对 161 名 IT 经理进行了调查，以确定他们对网络安全准备情况的看法。本研究中描述的模型是实践和意识网络安全准备模型 (PACM)。开发并验证了调查工具，然后使用路径分析进行测试。发现 26 种关系中有 11 种是重要的。该模型在理解现代威胁环境中自上而下的网络安全准备方面向前迈进了一步。