Cybersecurity awareness training has a bad reputation for being ineffective and boring. In our EVote-ID paper, 2020, we show the contrary, namely that it is possible to deliver effective cybersecurity awareness training using e-learning. In the paper, we provide a general methodology on how to create cybersecurity awareness training, which consists of the following steps (1) define the target group, target setting, tasks, and responsibilities; (2) conduct a risk assessment by defining the adversarial environment, assests, and processes; (3) model threats of the entire socio-technical system and derive and prioritize potential attacks; (4) prepare training materials and create an e-learning platform; (5) evaluate the quality of the training, for exmaple, using Kirkpatrick's model of evaluation.
In the paper we describe a pilot study of this methodology in context of the European Parliament election 2019. We have derived an attack tree describing the socio-technial environment of a polling station focusing on all of the activites that concern the voter register. 