Leveraging human factors in cybersecurity: an integrated methodological approach

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Sensors, 2021

Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors th...

Towards an Improved Understanding of Human Factors in Cybersecurity

2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), 2019

Cybersecurity cannot be addressed by technology alone; the most intractable aspects are in fact sociotechnical. As a result, the 'human factor' has been recognised as being the weakest and most obscure link in creating safe and secure digital environments. This study examines the subjective and often complex nature of human factors in the cybersecurity context through a systematic literature review of 27 articles which span across technical, behavior and social sciences perspectives. Results from our study suggest that there is still a predominately technical focus, which excludes the consideration of human factors in cybersecurity. Our literature review suggests that this is due to a lack of consolidation of the attributes pertaining to human factors; the application of theoretical frameworks; and a lack of in-depth qualitative studies. To ensure that these gaps are addressed, we propose that future studies take into consideration (a) consolidating the human factors; (b) examining cyber security from an interdisciplinary approach; (c) conducting additional qualitative research whilst investigating human factors in cybersecurity.

INVESTIGATING THE IMPACT OF HUMAN FACTORS ON CYBER SECURITY INCIDENTS AND MITIGATION STRATEGIES

As our reliance on digital technologies continues to grow, the human element in cybersecurity becomes increasingly critical. This research delves into the intricate interplay between human factors and cybersecurity incidents, aiming to unveil the underlying causes, patterns, and consequences. Through a comprehensive examination of human behaviors, cognitive biases, and organizational dynamics, the study seeks to identify vulnerabilities that contribute to cybersecurity breaches. The research employs a multi-disciplinary approach, incorporating insights from psychology, sociology, and information technology to offer a holistic understanding of the human element in cybersecurity. The investigation also focuses on the development and evaluation of effective mitigation strategies. By assessing existing cybersecurity frameworks and incorporating human-centric considerations, the research aims to propose innovative approaches for preventing, detecting, and responding to cyber threats. Insights gained from this study are anticipated to inform the design of more robust cybersecurity systems that account for the diverse range of human behaviors and decision-making processes. Ultimately, this research contributes to the broader field of cybersecurity by bridging the gap between technological advancements and human factors, fostering a more resilient cyber landscape in the face of evolving threats. The findings are expected to guide policymakers, organizations, and cybersecurity professionals in implementing proactive measures to address human-related vulnerabilities and enhance overall cyber resilience.

Framing the Human Dimension in Cybersecurity

ICST Transactions on Security and Safety

The advent of technologies that can seamlessly operate in different environments with differing levels of security presents new challenges to the cybersecurity specialist seeking to ensure the safety of data, process or output of a complex system. This paper reviews the human dimension of cybersecurity. The Human Factors Integration (HFI) framework is employed as a structure with which to consider the many ways in which the human can differentially affect the security of a system both positively and negatively.

Deriving Cyber Security Risks from Human and Organizational Factors – A Socio-technical Approach

Complex Systems Informatics and Modeling Quarterly, 2019

Cyber security risks are socio-technical in nature. They result not just from technical vulnerabilities but also, more fundamentally, from the degradation of working practices over time which move an organization across the boundary of secure practice to a place where attacks will not only succeed, but also have a significantly greater impact on the organization. Yet current risk analysis and management methodologies are not designed to detect these kinds of systemic risks. We present an approach, devised in the field, to deriving these risks using a qualitative research methodology, akin to grounded theory, but based on preset coding descriptors. This allows organizational and individual behavior identified during interviews, observations or document research to be thematically analyzed, collated and mapped to potential risks, linked to poor working practices. The resulting risk factors can be linked together forming "risk narratives", showing how the degradation of working practices in one part of the organization can contribute to undermining its ability to respond to cyber security threats in another part of the organization.

Human Factors in Cybersecurity – Perspectives from Industries

Proceedings of the Human Factors and Ergonomics Society Annual Meeting

Today, cybersecurity is impacting every individual and industry, but the level of effort from the human factors community seems negligible compared to the magnitude of the current security challenge. This panel invites professionals in the healthcare, computer and network, higher education, and automotive industries to share experiences, lessons learned and solutions. The panel characterizes the security landscape in different industries and facilitates discussion on human factors research and applications to address the formidable security challenge.

Understanding of Human Factors in Cybersecurity: A Systematic Literature Review

2022

Cybersecurity is paramount for all public and private sectors for protecting their information systems, data, and digital assets from cyber-attacks; thus, relying on technology-based protections alone will not achieve this goal. This work examines the role of human factors in cybersecurity by looking at the top-tier conference on Human Factors in Cybersecurity over the past 6 years. A total of 24 articles were selected for the final analysis. Findings show that most of the authors used a quantitative method, where survey was the most used tool for collecting the data, and less attention has been paid to the theoretical research. Besides, three types of users were identified: university-level users, organizational-level users, and unspecified users. Culture is another less investigated aspect, and the samples were biased towards the western community. Moreover, 17 human factors are identified; human awareness, privacy perception, trust perception, behavior, and capability are the top five among them. Also, new insights and recommendations are presented.

Human Factors in Cybersecurity: A Scoping Review

The 12th International Conference on Advances in Information Technology, 2021

Humans are often considered to be the weakest link in the cybersecurity chain. However, traditionally the Computer Science (CS) researchers have investigated the technical aspects of cybersecurity, focusing on the encryption and network security mechanisms. The human aspect although very important is often neglected. In this work we carry out a scoping review to investigate the take of the CS community on the human-centric cybersecurity paradigm by considering the top conferences on network and computer security for the past six years. Results show that broadly two types of users are considered: expert and non-expert users. Qualitative techniques dominate the research methodology employed, however, there is a lack of focus on the theoretical aspects. Moreover, the samples have a heavy bias towards the Western community, due to which the results cannot be generalized, and the effect of culture on cybersecurity is a lesser known aspect. Another issue is with respect to the unavailabil...

Enhancing Cybersecurity Resilience: A Comprehensive Analysis of Human Factors and Security Practices Aligned with the NIST Cybersecurity Framework

2023

Although effective technical countermeasures play a pivotal role in safeguarding organizations' digital assets, the persistent challenge of human factors in cybersecurity cannot be underestimated. This study aims to identify the human factors employed within the cybersecurity research community and the relevant human-centric security practices. These human factors and security practices are subsequently mapped to the functions, categories, and sub-categories of the NIST Cybersecurity Framework (NIST-CSF). The methodology for this research comprises a literature review and qualitative mapping techniques. The findings show the identification of 20 distinct human factors and 12 security practices. Additionally, the mapping reveals that 3 of the NIST-CSF functions, 8 categories, and 19 sub-categories are directly related with human aspects of cybersecurity. By aligning human factors and security practices with established NIST-CSF guidelines, organizations can strengthen their overall security posture. Moreover, it helps identify gaps in cybersecurity related to human factors to address vulnerabilities and mitigate risks associated with human errors, reducing the likelihood of security incidents and data breaches. Ultimately, this study provides valuable insights, presents conclusions, and suggests directions for future work.

Establishing Human Factors Programs to Mitigate Blind Spots in Cybersecurity

2019

Most business organizations lack a human factors program and remain inattentive to human-centric issues and human-related problems that are leading to cybersecurity incidents, significant financial losses, reputational damage, and lost production. Other industries such as aviation, nuclear power, healthcare, and industrial safety leverage human factors problems as platforms to reduce human errors. The underappreciation and under-exploration of human factors in cybersecurity threatens the existence of every business. Cybersecurity operations are becoming increasingly abstruse and technologically sophisticated resulting in heightened opportunities for human errors. A human factors program can provide the foundation to address and mitigate human-centric issues, properly train the workforce, and integrate psychology-based professionals as stakeholders to remediate human factors-based problems.