Assessing the provision of public-facing cybersecurity guidance for end-users

摘要

The increased use of digital technologies and services brings with it a similarly increasing requirement for their end-users to have the awareness and ability to protect the security and privacy of their devices and data. However, this raises the related questions of what they need to know and from where they may obtain related guidance. The discussion begins by considering the knowledge and skills that could usefully characterize a cybersecurity literate user. The paper then proceeds to examine the provision of end-user guidance from 17 public-facing sources, spanning national sources, operating system provides, training providers and popular online services. The findings illustrate that, while some topics are commonly covered, none of them are found to be uniformly addressed across all sources. As such, the level of awareness that users may have, and the level of good practice that they may follow, is likely to be highly dependent upon where they have looked for guidance. This points toward the need for a consistent and more harmonized approach if we wish to ensure that a common baseline of cybersecurity literacy can be achieved across an increasingly digital society.