It has been well recognised that the effectiveness of cyber-security is highly dependent on the Human-Centric Aspects of Cyber-Security, both in terms of professionals and end-users of technologies. A cross-cutting issue identified in all roadmaps and multiple EU documents is the need to ensure that cyber-security professionals receive regular training so that they are skilled in working with emerging technologies and responding to new threats. Cyber-security education is now taught in universities throughout Europe and multiple firms provide lifelong learning opportunities for professionals. When designing effective learning, organisers need to understand the dynamics of how teams learn and what the indicators of successful team learning are. However, assessing team learning success in the absence of objective performance measures, and while avoiding highly invasive assessment methods, remains an unsolved question in the context of cyber-security exercises.
Regarding end-users of technology, the concept of Usable Security is highly relevant. It focuses on making sure that security products and processes are usable by those who need them, which can be an important catalyst for more efficient adoption of security and privacy technologies. Usable security needs to guarantee a level of usability high enough that user behaviour will not jeopardise the security and privacy benefits of these technologies. However, many technologies are not straightforward. For example, multiple problems regarding the usability of the PGP encryption system have been pointed out. These usability issues can make it harder to reach intended security and privacy goals. In the case of encryption, there have been many improvements that make end-to-end encrypted communications now available to large groups of people. However, user authentication still has many issues and a perfect solution does not yet exist. Sometimes there are trade-offs between usability and security or privacy, meaning that a design solution favouring one aspect might degrade another.
- Improve automated feedback systems for cyber-security training.
- Improve usability of cyber-security solutions for ICT professionals.
- Evaluate Automated Feedback upgrade to KYPO Cyber Range Platform (an open-source interactive learning environment for hands-on cyber-security training).
- Identify and address gaps in the usability of penetration testing reports among ICT professionals.