The Cyber Acumen

Abstract

The major purpose of this chapter is to understand average user's decision-making process in cybersecurity by reviewing and integrating several major theoretical frameworks discussed and applied in decision making processes in cybersecurity. The average users are the ones who do not realize or understand when or how to perform security-critical decisions, the ones who are unmotivated to comply with company and school cybersecurity policies and procedures due to inconvenience, and the ones who do not have sufficient knowledge in cybersecurity to make sound security decisions. It is important to discuss and understand the role of such users and their behaviors based on systematic analysis so that we can identify potential factors causing “poor” security decisions and find ways to reduce the likelihood of being victims of cyber-attacks. The ultimate goal is to provide insights and make recommendations on how to foster individual's cyber acumen and cultivate a more effective decision-making process.