| Abstract [eng] |
Cybersecurity has become a priority field in digital infrastructures because the number of sophisticated threats is increasing constantly. While significant progress has been made in developing technical defenses, the human factor persists as the most significant source of vulnerability. Cybersecurity competence assessment frameworks have traditionally emphasized technical knowledge and procedural skills while underrepresenting the human factor, such as emotional states, stress, fatigue, teamworking, etc. This research introduces an improved framework for evaluating cybersecurity competence with explicit attention to human factors. The framework integrates cognitive, behavioral, and situational dimensions into a multidimensional evaluation model. The framework was tested through controlled experiments involving participants from the Security Operations Center of an international enterprise, encompassing both technical and non-technical roles as well as diverse levels of professional experience. Cybersecurity competence was evaluated through quizzes, real-world scenarios, and simulations, while participants’ physiological parameters, including heart rate variability (HRV), respiratory rate, and peripheral capillary oxygen saturation (SpO₂), were simultaneously monitored throughout the experiment. The quantitative analysis of participants’ responses, emotional states, and physiological measurements was made, enabling the identification of the levels of stress-inducing questions and cases. The findings indicate that HRV and SpO₂ can serve as predictive indicators of human factors and performance outcomes in competence assessment tests. Experiment confirmed that integrating human factor dimensions increases the validity and predictability of cybersecurity competence assessment models, while an improved framework provides a holistic understanding and contributes to the development of adaptive training methodologies. |
