A Concept Proposal on Modeling of Security Fatigue Level

Tanimoto, Shigeaki; Nagai, Keita; Hata, Kenichiro; Hatashima, Takashi; Sakamoto, Yasuhisa; Kanai, Atsushi

doi:10.1109/acit-csii-bcd.2017.30

Cited by 8 publications

(10 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Training Fatiguementioning

confidence: 99%

“…The continuous influx of defensive countermeasures is called out as a stressor that results in security fatigue and burnout syndrome (Tanimoto et al, 2017). For example, research conducted by Tanimoto et al (2017) in Figure 1, attribution analysis (a) highlights frequent human-induced errors that are categorized in three categories (technical, environmental, and artificial), in which artificial factors illustrates unintended outcomes, such as unintentional human mistakes or errors. Strict security countermeasures or policies could inadvertently incite unintentional mistakes, as illustrated below to what researchers call a vicious cycle resulting in tightening security policies and rules, accompanied by human-induced errors (Tanimoto et al, 2017).…”

Section: Training Fatiguementioning

confidence: 99%

See 1 more Smart Citation

Stress, Burnout, and Security Fatigue in Cybersecurity: A Human Factors Problem

Nobles

2022

HOLISTICA – Journal of Business and Public Administration

View full text Add to dashboard Cite

Stress, burnout, and security fatigue continue as slight destroyers of strong cybersecurity and significant human factors concerns. The persistence of these human performance issues is concerning given the lack of mitigation and integration of human factors practitioners to mitigate these adverse risk circumstances. Security fatigue is not a new phenomenon but the evolving nature of cybersecurity results in various sub-categories of security fatigue; thus, making it a difficult problem to solve. Stress and burnout are major causes of short tenures in senior roles for security executives. Business decision-makers lack the expertise to explore the negative influences of stress, burnout, and security fatigue on cybersecurity. Technology-led cycles are organizations’ primary course of action to mitigate cybersecurity threats, resulting in complexity debt and making businesses more vulnerable to attacks. Human factors professionals can identify high-friction areas that degrade human performance and implement initiatives to reduce the risk. Human performance degradation in cybersecurity is a critical risk factor and requires immediate attention, given that cybercriminals continue to exploit human weaknesses to gain access to sensitive and critical infrastructure.

show abstract

Section: Training Fatiguementioning

confidence: 99%

Section: Training Fatiguementioning

confidence: 99%

Stress, Burnout, and Security Fatigue in Cybersecurity: A Human Factors Problem

Nobles

2022

HOLISTICA – Journal of Business and Public Administration

View full text Add to dashboard Cite

show abstract

“…One of the lead causes of security fatigue is the need for strict compliance with security policies of the organizations [8,9]. Some of the examples include encryption, automatic updates, and adhering to access-control policies [10].…”

Section: Motivation: the Role Of Human Errors And Security Fatiguementioning

confidence: 99%

“…Additionally, unsafe behaviors caused by security fatigue are exacerbated by an individual's perceived level of risk and risk-avoidance [11]. While researchers have tried to measure and model security fatigue [7,9], the mitigation of security fatigue is even more challenging.…”

Section: Motivation: the Role Of Human Errors And Security Fatiguementioning

confidence: 99%

Warning users about cyber threats through sounds

et al. 2021

View full text Add to dashboard Cite

This paper reports a formative evaluation of auditory representations of cyber security threat indicators and cues, referred to as sonifications, to warn users about cyber threats. Most Internet browsers provide visual cues and textual warnings to help users identify when they are at risk. Although these alarming mechanisms are very effective in informing users, there are certain situations and circumstances where these alarming techniques are unsuccessful in drawing the user’s attention: (1) security warnings and features (e.g., blocking out malicious Websites) might overwhelm a typical Internet user and thus the users may overlook or ignore visual and textual warnings and, as a result, they might be targeted, (2) these visual cues are inaccessible to certain users such as those with visual impairments. This work is motivated by our previous work of the use of sonification of security warnings to users who are visually impaired. To investigate the usefulness of sonification in general security settings, this work uses real Websites instead of simulated Web applications with sighted participants. The study targets sonification for three different types of security threats: (1) phishing, (2) malware downloading, and (3) form filling. The results show that on average 58% of the participants were able to correctly remember what the sonification conveyed. Additionally, about 73% of the participants were able to correctly identify the threat that the sonification represented while performing tasks using real Websites. Furthermore, the paper introduces “CyberWarner”, a sonification sandbox that can be installed on the Google Chrome browser to enable auditory representations of certain security threats and cues that are designed based on several URL heuristics. Article highlights It is feasible to develop sonified cyber security threat indicators that users intuitively understand with minimal experience and training. Users are more cautious about malicious activities in general. However, when navigating real Websites, they are less informed. This might be due to the appearance of the navigating Websites or the overwhelming issues when performing tasks. Participants’ qualitative responses indicate that even when they did not remember what the sonification conveyed, the sonification was able to capture the user’s attention and take safe actions in response.

show abstract

“…Employees typically recognize that the rules are necessary to protect security and they follow them, even if their operational efficiency is slightly reduced, but as time passes, the organization gradually falls into a vicious cycle in which the rules are no longer followed, as shown in Fig. 1 [16]. This situation in which the information security policy is not properly adhered to is one of the main reasons information security policies are not properly operated.…”

Section: Vicious Cycle Due To Strict Security Operationsmentioning

confidence: 99%

Information Security Fatigue Countermeasures Using Cognitive Strategy Scale Based on Web Questionnaires

Ogawa

Tanimoto

Hatashima

et al. 2021

IJNC

Self Cite

View full text Add to dashboard Cite

Information security measures have become increasingly important not only for companies but also for individuals in recent years. For this reason, many information security measures have been taken. However, if information security is overly complicated, ICT users may get overwhelmed. Although research on information security fatigue is being conducted, currently it is not enough. In particular, research from a psychological point of view is lacking. Examples of psychological measures include cognitive strategies that are classified as behavioral models. There are various cognitive strategies, but research into particular countermeasures against information security fatigue has not been sufficiently explored. In this work, we propose new measures based on psychological viewpoints. Specifically, these are information security fatigue countermeasures that introduce a cognitive strategy. We conducted a questionnaire survey on International Journal of Networking and Computing cognitive strategies and information security fatigue, analyzed the results, and classified them into 24 levels, consisting of six levels of the information security fatigue scale multiplied by four levels of cognitive strategies. Then, for each of these 24 levels, a new information security fatigue measure was proposed and evaluated on the basis of the free responses of the questionnaire survey. The results indicated that appropriate information security fatigue countermeasures according to human behavior patterns based on cognitive strategies and the information security fatigue scale are possible.

show abstract

A Concept Proposal on Modeling of Security Fatigue Level

Cited by 8 publications

References 0 publications

Stress, Burnout, and Security Fatigue in Cybersecurity: A Human Factors Problem

Stress, Burnout, and Security Fatigue in Cybersecurity: A Human Factors Problem

Warning users about cyber threats through sounds

Information Security Fatigue Countermeasures Using Cognitive Strategy Scale Based on Web Questionnaires

Contact Info

Product

Resources

About