Kirsi Aaltola; Petteri Taitto

Published in

Information & Security: An International Journal 43, no. 2 (2019): 123-133.


cybersecurity, education and training, exercises, human factors, organizational learning

Open Access



Development of information technology and the globalization require constant investment in people. New and emerging technologies such as autonomous systems, machine learning and AI radically re-contextualize the human dimension of the organization. Strategic changes have revealed new critical vulnerabilities such as social media-based election meddling and disinformation campaigning with impact on the human aspects at state, societal, organizational and individual levels. Education and training raise the level of expertise, skills and competences and ensure better performance in complex cyber situations. Researchers have addressed assumptions, models, concepts and cognitive aspects of human performance in the cyber domain. However, the theories and approaches of human learning in training and exercises are only partly touched. New techniques for enhancing organizational cyber resilience to cyber-attacks are needed and they still lack sound theoretical foundations.

This article aims to advance the discussion suggesting viewpoints on training and exercises in the cyber domain, taking into consideration specifics of skills in cyber security. It provides overview of theories of learning to better support human performance. Our critical interpretation enhances the comprehensive understanding of decision-making, learning theories, and design of cyber security training and exercises. Furthermore, our intention is to constructively promote discussion on current issues about human learning in cyber training and education and thus boost multidisciplinary studies to enhance cyber awareness.