AR-in-a-Box: A Structured 8-Step Framework for Cybersecurity Awareness
AR-in-a-Box, developed by the European Union Agency for Cybersecurity (ENISA), offers a comprehensive framework to guide organisations in creating effective cybersecurity awareness programs. Through a structured 8-step process, this toolkit helps organisations set objectives, secure resources, manage human capital, segment audiences, select communication tools, plan timelines, implement programs, and evaluate outcomes. This paper explores each step in detail, incorporating state-of-the-art research and real-world case studies to demonstrate AR-in-a-Box's effectiveness in fostering a cybersecurity-conscious culture. Through targeted communication, interactive elements, and performance metrics, AR-in-a-Box enables organisations to embed cybersecurity awareness and improve resilience against evolving cyber threats.