The Institute of Security and Global Affairs (ISGA) of the Faculty of Governance and Global Affairs at Leiden University is looking for a PhD Candidate in the field of Cybersecurity Governance
The Institute of Security and Global Affairs (ISGA) at Leiden University seeks to appoint a full-time PhD candidate to carry out research (75%) and teaching (25%) activities on cyber security.
Most organisations still focus on awareness campaigns and providing information to improve their employees’ cybersecurity behaviour, while we know that awareness campaigns are not sufficient (van Steen, 2017, 2019; van Steen, Norris, Atha, & Joinson, in press) and providing information is too narrow a solution to be effective (Michie, van Straalen, & West, 2011). At the same time, behavioural and cognitive factors are hindering a secure environment as security policies become more complex. For instance, shadow security, where employees find workarounds to existing policies in order to finish their task on time, increases security risks (Kirlappos, Parkin, & Sasse, 2015). Furthermore, the increasing number of implemented security policies in organisations is pushing the limits of employees’ so-called ‘compliance budget’, a cognitive reservoir that, once depleted, causes employees to stop complying with security policies (Beautement, Sasse, & Wonham, 2009). Taken together with a rising risk of cyberthreats, the necessity for strong, evidence based, cybersecurity training is evident. Cybersecurity training for end-users can take many forms such as challenge based learning (Cheung, Cohen, Lo & Elia, 2011), capture the flag events (McDaniel, Talvi, & Hay, 2016), serious games (van Steen, & Deeleman, under review), or perhaps a combination of various behavioural change campaigns. The aim of the present project is to bring together the field of cybersecurity training for organisations, to design an evidence-based cybersecurity training for employees, and to test this training in the field. The overall research question is: How can we design, implement, and test the effectiveness of an evidence-based organisational cybersecurity training?
The PhD candidate will be supervised by Dr. Bibi van den Berg, promotor and Dr. Tommy van Steen, co-promotor (both ISGA). The candidate will perform the research and teaching at the Institute of Security and Global Affairs. Education activities and assistance will serve the specialization track ‘Governance of Cyber Security’ in the master program Crisis and Security Management under the coordination of the supervisors.