A Just Culture Is Fundamental: Extending Security Ergonomics by Design

Craggs, Barnaby

doi:10.1109/sescps.2019.00015

Cited by 2 publications

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The demonstrator also covers multiple aspects from our research areas. The demonstrator exploits known ICS device security vulnerabilities, and also incorporates elements of active failure (human error) [4,5].…”

Section: Discussionmentioning

confidence: 99%

Oops I Did it Again

Gardiner

Craggs

Green

et al. 2019

Proceedings of the ACM Workshop on Cyber-Physical Systems Security &Amp; Privacy - CPS-SPC'19

Self Cite

View full text Add to dashboard Cite

Research efforts in the security of Industrial Control Systems (ICS) have dramatically increased over the past few years. However, there is a limiting factor when work cannot be evaluated on real-world systems due to safety and operational reasons. This has led to multiple deployments of ICS testbeds covering multiple sectors including water treatment, power distribution and transportation networks. Over the last five years, we have designed and constructed ICS testbeds to support cyber security research. Our prior work in building testbeds culminated in a set of design principles and lessons learnt, formulated to support other researchers in designing and building their own ICS testbeds. In the last two years we have taken these lessons and used them to guide our own greenfield largescale, complex and process-diverse security testbed affording a rare opportunity to design and build from the ground up-one in which we have been able to look back and validate those past lessons and principles. In this work we describe the process of building our new ICS and Industrial Internet of Things (IIoT) testbed, and give an overview of its architecture. We then reflect on our past lessons, and contribute five previously unrecognised additional lessons based on this experience.

show abstract

Section: Discussionmentioning

confidence: 99%

Oops I Did it Again

Gardiner

Craggs

Green

et al. 2019

Proceedings of the ACM Workshop on Cyber-Physical Systems Security &Amp; Privacy - CPS-SPC'19

Self Cite

View full text Add to dashboard Cite

show abstract

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

show abstract

A Just Culture Is Fundamental: Extending Security Ergonomics by Design

Cited by 2 publications

References 12 publications

Oops I Did it Again

Oops I Did it Again

Leveraging human factors in cybersecurity: an integrated methodological approach

Contact Info

Product

Resources

About