"Cybersecurity Computer-Based Training and Technical Communication Design"
|
Lysandwr McNaryLysandwr McNary graduated from New Mexico Tech in spring of 2013 with a Bachelor of Science degree in Technical Communication, after years spent in varied pursuits, from book publisher to United States Army Psychological Operations Specialist. Her time with the US Army, including two years in Iraq, provided many opportunities for studying cybersecurity, communication, and human behavior. Contents |
CONCLUSIONS/RECOMMENDATIONS FOR FUTUREThe training module addresses virtually all of the required topics, but has significant deficiencies in how it supports learning those topics. The training design and development appears to have not included TC design principles in key ways, even when doing so could greatly improve FISMA-required topic support. This module would benefit from review with an eye towards applying TC design principles, followed by usability testing. Further review and usability testing with a statistically significant sampling of the target audience demographics is necessary to identify the most effective design development elements. Specifically, audience awareness and user-centered design principles suggest that research should be carried out by the Security Awareness Training Shared Service Centers to see if specific demographic groups in the general audience are at greater risk in certain topics. For example, one might expect that employees in a 21-31 year old range would be more likely to download music and/or games. Passwords might be a greater issue for older employees. Then the training developer could apply various design elements specifically chosen for that demographic (color, font, game-type, music) to the appropriate exercise or challenge. The module would still have changing elements to keep learners alert, but the module would more accurately target the audience rather than make random changes in an attempt to keep their attention. As illustrated by the literature review, testing of cybersecurity training in general has been limited and flawed. In my examination, it is immediately apparent that TC principles that should be applied to improve testing also include user-centered design, in order to create a digital instrument that would allow learners to navigate and progress through the course in ways most beneficial to them rather than clicking through screens without a requirement to demonstrate learning. Further research on a larger scale is needed. However, to strengthen future cybersecurity efforts, it is also recommended that universities that both offer TC degree programs and are designated National Centers of Academic Excellence in Information Assurance Education encourage cross-discipline degrees. The three universities in the reviewed list (Appendix A) with degree programs in Technical Communication that also offer cybersecurity and/or information assurance/awareness classes as part of those programs are additionally all designated National Centers of Academic Excellence in Information Assurance Education by the National Security Agency (NSA) and DHS. These universities participate in the Scholarship for Service program, which funds both undergraduate and graduate degrees in cybersecurity and information assurance in order to strengthen the national cybersecurity effort. Computer Science and Technical Communication departments in universities with these programs should consider recruiting or developing cross-discipline students who would graduate with strong skills in both arenas and go on to support information awareness in the nation’s information systems. |