lckostic58
Newcomer I

Recruiting Information Security Experts for Doctoral Research Study

Linda Kostic, who is a doctoral learner at Capella University in the School of Business and Technology, is seeking information security subject matter experts to participate in a research study. The purpose of this research study is to aggregate information security awareness techniques, obtained from the research participants, which will reduce data breaches caused by social engineering attacks. Participants will be contributing to the information security profession by customizing existing frameworks, NIST 800-50 as an example, with actionable techniques that will be compiled into an information security awareness technique model that will be shared with all participants.

Research participants will be asked to fully complete a SurveyMonkey open-ended questionnaire that may result in up to three participation rounds. It is anticipated that the first round of questions will take approximately thirty (30) minutes to complete, depending on the extent of information security awareness techniques employed within your organization. If necessary, it is anticipated that the time commitment for each additional survey will be about fifteen (15) minutes each, depending on the number of follow-up questions.

All participants who actively participate through all questionnaire rounds will receive one (1) CPE certificate and a copy of the research study results.  The research results will contain an information security awareness model that may provide new techniques for the participant to implement at their firm, agency, or client environment.

 

Participants must meet the following professional background criteria in order to participate in this research:

  • Currently or recently (last five years) developed, reviewed, consulted, executed, and/or participated in information security awareness techniques, such as practice phishing emails and periodic information security awareness training curriculum; and,
  • Have three or more years of information security and/or information security awareness experience.

Participants who meet the professional background and opt to participate will answer the following four research questions within a SurveyMonkey survey.

  1. List all the information security awareness techniques, including any software tools and training that you have researched or employed at your organization or client’s business environment. Include the execution frequency for each information security awareness technique/software tool/training (daily, weekly, monthly, quarterly, or yearly).
  2. In your opinion, describe which information security awareness techniques/software tool/training are effective and why those methods are effective.
  3. Describe how information security awareness techniques and tools effectiveness are measured. Include the consequences for non-compliance identified through techniques and software tools.
  4. Describe what you would like to see in your information security awareness training that you do not have today.

If you are interested in participating in this research study, please send the following information to Linda Kostic at lkostic@capellauniversity.edu:

Participant Name

Participant Email Address

Years of Information Security Experience

Years of Information Security Awareness Experience

4 Replies
Gareth_Milne
Newcomer II

Just a note:

 

Requesting this kind of information on a Gmail account instead of an educational or business domain account seems a bit strange considering the kind of data you are requesting.

Might I suggest you use a university email account. Speaking for myself I would not respond to this kind of request from an anonymous account.

 

For example, would anyone respond to the query below?

 

Does your Firm or Agency Secures Personally Identifiable Information, Non-Public Information, or Other Sensitive Data (Yes/No)?

 

Oh no we don't "secures" PII or any other data. We leave it in a public database like they did in Ecuador 🙂

 

I checked my calendar and it ain't April 1st.

lckostic58
Newcomer I

Gareth_Milne, thank you for your feedback, none of my reviewers or editors recommended a university email account, probably because we don't have access in between semesters, but I will make that change.
Please note that the question regarding PII is not whether that data is secured. Based on my research, firms are not going to spend a great deal of money on information security tools/techniques if the data is publicly available. There are no survey questions asking about PII, the survey questions are related to software tools and other awareness techniques that are employed. The thought was that those firms or agencies who have PII would spend more resources on information security awareness techniques. But, your point is well taken in that the PII reference can be misunderstood. Best regards, Linda
Gareth_Milne
Newcomer II

Thanks for your kind response. I can't speak for the rest of the CISSP bunch but I thought your question was a cleverly structured phishing attack in which you had an avenue to harvest a wealth of information for targeted attacks. I'm glad to hear that's not the case 😉

 

 

lckostic58
Newcomer I

Thank you again for providing this feedback as it could be impacting the response rate. I am updating my recruiting information so that my research intention is clear.