Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Federal Cybersecurity Awareness Programs A Mixed Methods Research Study

Published

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Abstract

Prior industry surveys and research studies have revealed that organizational security awareness programs may face a number of challenges, including lack of: leadership support; resources; and staff with sufficient background and skills to implement an effective and engaging program. However, no prior research has explored security awareness programs specifically in the United States (U.S.) government (federal) sector. To address this gap, NIST conducted a two-phase, mixed methods research study to understand the needs, challenges, and practices of federal security awareness programs. This report describes the research background and methodology, along with the characteristics of the participants, organizations, and programs represented in the study. Research results can serve as a resource for federal security awareness professionals, managers, and organizational decision makers to improve and advocate for their organizations' security awareness programs. Results can also inform the development of federal security awareness guidance, policies, sharing forums, and initiatives meant to aid programs in becoming more effective. While focused on the U.S. government, findings may also have implications for organizational security awareness programs in other sectors.
Citation
NIST Interagency/Internal Report (NISTIR) - 8420
Report Number
8420

Keywords

cybersecurity, cybersecurity awareness, focus groups, mixed methods, security professionals, survey, training, usable cybersecurity

Citation

Haney, J. , Jacobs, J. and Furman, S. (2022), Federal Cybersecurity Awareness Programs A Mixed Methods Research Study, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8420, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934334 (Accessed April 14, 2024)
Created March 25, 2022, Updated November 29, 2022