{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,2]],"date-time":"2025-12-02T06:14:09Z","timestamp":1764656049903},"reference-count":26,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,7,1]]},"abstract":"<p>Traditional cybersecurity, security or information security awareness programs have become ineffective to change people's behavior in recognizing, failing to block or reporting cyberthreats within their organizational environment. As a result, human errors and actions continue to demonstrate that we are the weakest links in cybersecurity. This article studies the most recent cybersecurity awareness programs and its attributes. Furthermore, the authors compiled recent awareness methodologies, frameworks and approaches. The authors introduce a suggested awareness training model to address existing deficiencies in awareness training. The Cybersecurity Awareness TRAining Model (CATRAM) has been designed to deliver training to different organizational audiences, each of these groups with specific content and separate objectives. The authors concluded their study by addressing the need of future research to target new approaches to keep cybersecurity awareness focused on the everchanging cyberthreat landscape.<\/p>","DOI":"10.4018\/jcit.2019070102","type":"journal-article","created":{"date-parts":[[2019,4,23]],"date-time":"2019-04-23T13:03:57Z","timestamp":1556024637000},"page":"26-39","source":"Crossref","is-referenced-by-count":25,"title":["An Effective Cybersecurity Training Model to Support an Organizational Awareness Program"],"prefix":"10.4018","volume":"21","author":[{"given":"Regner","family":"Sabillon","sequence":"first","affiliation":[{"name":"Universitat Oberta de Catalunya, Barcelona, Spain"}]},{"given":"Jordi","family":"Serra-Ruiz","sequence":"additional","affiliation":[{"name":"Universitat Oberta de Catalunya, Barcelona, Spain"}]},{"given":"Victor","family":"Cavaller","sequence":"additional","affiliation":[{"name":"Universitat Oberta de Catalunya, Barcelona, Spain"}]},{"family":"Jeimy J. Cano M.","sequence":"additional","affiliation":[{"name":"Universidad del Rosario, Bogota, Colombia"}]}],"member":"2432","reference":[{"key":"JCIT.2019070102-0","doi-asserted-by":"publisher","DOI":"10.20533\/ijisr.2042.4639.2016.0076"},{"key":"JCIT.2019070102-1","unstructured":"Axelos. (2015). Cyber Resilience Best Practices. Norwich: Resilia."},{"key":"JCIT.2019070102-2","author":"M.Beyer","year":"2015","journal-title":"Awareness is only the first step: A framework for progressive engagement of staff in cyber security"},{"key":"JCIT.2019070102-3","author":"R.Beyer","year":"2015","journal-title":"Implementing Effective Cyber Security Training for End Users of Computer Networks"},{"key":"JCIT.2019070102-4","unstructured":"Cano, J. (2016). La educaci\u00f3n en seguridad de la informaci\u00f3n. Reflexi\u00f3n pedag\u00f3gicas desde el pensamiento de sistemas. In Memorias 3er Simposio Internacional en \u201cTemas y problemas de Investigaci\u00f3n en Educaci\u00f3n: Complejidad y Escenarios para la Paz.\u201d"},{"key":"JCIT.2019070102-5","unstructured":"Cano, J. (2016). Modelo de madurez de cultura organizacional de seguridad de la informaci\u00f3n. In Una visi\u00f3n desde el pensamiento sist\u00e9mico-cibern\u00e9tico. Actas de la XIV Reuni\u00f3n Espa\u00f1ola sobre Criptolog\u00eda y Seguridad de la Informaci\u00f3n (pp. 24-29)."},{"key":"JCIT.2019070102-6","unstructured":"ESET. (2017). ESET Cybersecurity Awareness Training. ESET Canada. Retrieved from https:\/\/www.eset.com\/ca\/cybertraining\/"},{"key":"JCIT.2019070102-7","unstructured":"Gartner. (2016). 2016 Gartner Magic Quadrant for Security Awareness Computer-Based Training Vendors."},{"key":"JCIT.2019070102-8","author":"L.Hayden","year":"2016","journal-title":"People-Centric Security: Transforming your Enterprise Security Culture"},{"key":"JCIT.2019070102-9","year":"2005","journal-title":"ISO\/IEC 27001:2005 \u2013 Information Technology \u2013 Security Techniques \u2013 Information Security Management Systems \u2013 Requirements"},{"key":"JCIT.2019070102-10","year":"2012","journal-title":"ISO\/IEC 27032:2012 \u2013 Information Technology \u2013 Security Techniques \u2013 Guidelines for Cybersecurity"},{"key":"JCIT.2019070102-11","year":"2017","journal-title":"A Best Practices Guide for Comprehensive Employee Awareness Programs"},{"key":"JCIT.2019070102-12","year":"2017","journal-title":"Cybersecurity Awareness & Training"},{"key":"JCIT.2019070102-13","author":"D.Monahan","year":"2014","journal-title":"Security Awareness Training: It\u2019s not just for Compliance-Research Report Summary. Enterprise Management Associates"},{"key":"JCIT.2019070102-14","unstructured":"National Institute of Standards and Technology \u2013 NIST. (2003). Building an Information Technology Security Awareness and Training Program (NIST Special Publication 800-50)."},{"key":"JCIT.2019070102-15","year":"2014","journal-title":"Best Practices for Implementing a Security Awareness Program"},{"key":"JCIT.2019070102-16","first-page":"1","article-title":"How to Audit the Human Element and Assess Your Organization\u2019s Security Risk.","volume":"5","author":"T.Penderdast","year":"2016","journal-title":"ISACA Journal"},{"key":"JCIT.2019070102-17","unstructured":"PhishMe. (2017). PhishMe CBFree. PhishMe Headquarters. Retrieved from https:\/\/phishme.com\/resources\/cbfree-computer-based-training\/"},{"key":"JCIT.2019070102-18","article-title":"A Comprehensive Cybersecurity Audit Model to Improve Cybersecurity Assurance: The CyberSecurity Audit Model (CSAM).","author":"R.Sabillon","year":"2017","journal-title":"Second International Conference on Information Systems and Computer Science (INCISCOS)"},{"key":"JCIT.2019070102-19","unstructured":"SANS Institute. (2017). 2017 Security Awareness Report: It\u2019s time to communicate. SANS Security Awareness. Retrieved from https:\/\/securingthehuman.sans.org\/media\/resources\/STH-SecurityAwarenessReport-2017.pdf"},{"key":"JCIT.2019070102-20","author":"S. A. N. S.Security Awareness","year":"2017","journal-title":"2017 Security Awareness Report"},{"key":"JCIT.2019070102-21","unstructured":"Symantec. (2014). Symantec Security Awareness Program: Mitigate information risk by educating your employees."},{"key":"JCIT.2019070102-22","unstructured":"The MITRE Corporation. (2010). The Importance of Using EARNEST. Retrieved from https:\/\/www.mitre.org\/sites\/default\/files\/pdf\/mitre_earnest.pdf"},{"key":"JCIT.2019070102-23","author":"M.Ward","year":"2016","journal-title":"Security Awareness and Training: Solving the unintentional insider threat"},{"key":"JCIT.2019070102-24","author":"R. K.Yin","year":"2014","journal-title":"Case Study Research: Design and Methods"},{"key":"JCIT.2019070102-25","author":"R. K.Yin","year":"2018","journal-title":"Case Study Research and Applications"}],"container-title":["Journal of Cases on Information Technology"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=227676","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T17:59:49Z","timestamp":1651859989000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/JCIT.2019070102"}},"subtitle":["The Cybersecurity Awareness TRAining Model (CATRAM). A Case Study in Canada"],"short-title":[],"issued":{"date-parts":[[2019,7,1]]},"references-count":26,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,7]]}},"URL":"https:\/\/doi.org\/10.4018\/jcit.2019070102","relation":{},"ISSN":["1548-7717","1548-7725"],"issn-type":[{"value":"1548-7717","type":"print"},{"value":"1548-7725","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,7,1]]}}}