Awareness

Abstract

Awareness is a term used to describe an individual's knowledge of a topic. One would expect that awareness of the cybersecurity threat is well understood because of the continual reports of cyber incidents and attacks impacting individuals, organizations, and cyber-attacks on communities and states. The CIAS found it was true that people understood cyber incidents and attacks were happening. They also understood they needed to protect their assets and information, and they needed to be able to respond and recover from incidents that might occur. The significant gap was they did not understand all the impacts that could occur from a cyber incident, and they didn't understand the cascading impacts that could domino from a single attack. The lessons learned regarding awareness are incorporated into the awareness dimension of the CCSMM and include what each member of a community needs to know based on their role in the community.