An Effective Cybersecurity Training Model to Support an Organizational Awareness Program: The Cybersecurity Awareness TRAining Model (CATRAM). A Case Study in Canada

Traditional cybersecurity, security or information security awareness programs have become ineffective to change people's behavior in recognizing, failing to block or reporting cyberthreats within their organizational environment. As a result, human errors and actions continue to demonstrate that we are the weakest links in cybersecurity. This article studies the most recent cybersecurity awareness programs and its attributes. Furthermore, the authors compiled recent awareness methodologies, frameworks and approaches. The authors introduce a suggested awareness training model to address existing deficiencies in awareness training. The Cybersecurity Awareness TRAining Model (CATRAM) has been designed to deliver training to different organizational audiences, each of these groups with specific content and separate objectives. The authors concluded their study by addressing the need of future research to target new approaches to keep cybersecurity awareness focused on the everchanging cyberthreat landscape.