Edinburgh Napier University

  This study investigates the promotion of digital literacy, online safety, and Information Security Awareness (ISA) among Scottish public sector employees by analysing policy frameworks. This paper compares the Scottish Public Sector Cyber Resilience Frameworks PSCRF (v1.0 and v2.0), identifying key strategies and patterns embedded in these documents by employing a thematic content analysis. The analysis reveals five critical themes: training and awareness, governance and accountability, risk management, inclusivity and access, and technological integration. These findings illuminate how the frameworks address the challenges of fostering a digitally literate and cyber-resilient workforce.

The original contribution of this study is: (a) the evaluation of how policy frameworks operationalise digital literacy, safety, and ISA through structured training and governance mechanisms; and (b) the identification of gaps and opportunities for advancing public sector practices, particularly in addressing behavioural factors influencing employee engagement. The findings offer actionable insights for improving cybersecurity policies and practices within public sector organisations and contribute to broader discussions on workforce readiness in an increasingly digitalised landscape.