Chapter 13
Security Education
Most organizations now provide security education for employees.
Required Reading
- Hielscher, Jonas, et al. “Selling Satisfaction: A Qualitative Analysis of Cybersecurity Awareness Vendors’ Promises.” Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 2024.
Lecture
Learning Outcomes
Topics
- Security training
- Balancing costs and benefits
Understand
- Training does not always work
- Factors to consider when selecting training
- Testing if training is effective
Remember
- Benefits and costs of training
Apply
- Try asking friends or family about the training they have been given at work and co-ops.
- Do a mini self-diary study. For one day, note down every time you have to make a security decision and what knowledge you needed to make a good decision.
Activities
Complete UWaterloo Security Training. Note that, for researchers, Information Security Services recommends 2 hours and 20 minutes of training time in cyber security a year.
Resources
Recommended Reading
- So long and no thanks for the Externalities: The rational rejection of security advice by end users by Cormac Herley