An information security risk-driven investment model for analysing human factors

Abstract: Abstract

“…Research revealed that 80-90% of security breaches are due to humanenabled errors in the U.S. and U.K. (Maglaras, He, Janicke, & Evans, 2016) which these two countries account for over 90% of reported data breaches (Wirth, 2017). The evolving changes and threats in the cyber landscape are progressing; consequently, requiring organizations to develop holistic and dynamic information security strategies to eradicate and mitigate threats and vulnerabilities (Alavi, Islam, & Mouratidis, 2016). Even with the influx of technological capabilities coupled with operational, administrative, and technical countermeasures; there is a continuity of failure to address human factors concerns in information security, which enables the proliferation of data breaches, ransom attacks, and social engineering attacks at unprecedented levels.…”

“…A 2015 report indicates that Wells Fargo, Bank of America, Citibank, and J. P. Morgan Chase invested 1.5 billion dollars in mitigating emerging and persistent cyber threats (Morgan, 2016). Humans are notably the weakest link in security and risk management (Alavi, Islam, & Mouratidis, 2016;Proctor & Chen, 2015) because organizations struggle to understand and mitigate behavioral-based risk in information security. Human factors are the study of human interaction with information systems, networks, and practices in an information security environment (Nobles, 2015).…”

“…Human factors are the study of human interaction with information systems, networks, and practices in an information security environment (Nobles, 2015). Organizations leverage information systems to gain the competitive and strategic advantage to pursue business objectives; consequently, as the complexity of information systems and technologies increase humans become more susceptible to mistakes (Alavi, Islam, & Mouratidis, 2016). The cybersecurity threat landscape is continually evolving, and businesses are quickly adapting, primarily by leveraging technologies to counter cyber threats (Neely, 2017).…”

“…The U.S. and U.K. national-level cybersecurity policies listed human-related errors in cybersecurity as a significant degradation to national security (Dykstra, 2016). Nonetheless, most organizations have failed to implement programs to address human factors in cybersecurity (Alavi, Islam, & Mouratidis, 2016). Technology alone will not eliminate human error in cybersecurity.…”

Botching Human Factors in Cybersecurity in Business Organizations

“…Research revealed that 80-90% of security breaches are due to humanenabled errors in the U.S. and U.K. (Maglaras, He, Janicke, & Evans, 2016) which these two countries account for over 90% of reported data breaches (Wirth, 2017). The evolving changes and threats in the cyber landscape are progressing; consequently, requiring organizations to develop holistic and dynamic information security strategies to eradicate and mitigate threats and vulnerabilities (Alavi, Islam, & Mouratidis, 2016). Even with the influx of technological capabilities coupled with operational, administrative, and technical countermeasures; there is a continuity of failure to address human factors concerns in information security, which enables the proliferation of data breaches, ransom attacks, and social engineering attacks at unprecedented levels.…”

“…A 2015 report indicates that Wells Fargo, Bank of America, Citibank, and J. P. Morgan Chase invested 1.5 billion dollars in mitigating emerging and persistent cyber threats (Morgan, 2016). Humans are notably the weakest link in security and risk management (Alavi, Islam, & Mouratidis, 2016;Proctor & Chen, 2015) because organizations struggle to understand and mitigate behavioral-based risk in information security. Human factors are the study of human interaction with information systems, networks, and practices in an information security environment (Nobles, 2015).…”

“…Human factors are the study of human interaction with information systems, networks, and practices in an information security environment (Nobles, 2015). Organizations leverage information systems to gain the competitive and strategic advantage to pursue business objectives; consequently, as the complexity of information systems and technologies increase humans become more susceptible to mistakes (Alavi, Islam, & Mouratidis, 2016). The cybersecurity threat landscape is continually evolving, and businesses are quickly adapting, primarily by leveraging technologies to counter cyber threats (Neely, 2017).…”

“…The U.S. and U.K. national-level cybersecurity policies listed human-related errors in cybersecurity as a significant degradation to national security (Dykstra, 2016). Nonetheless, most organizations have failed to implement programs to address human factors in cybersecurity (Alavi, Islam, & Mouratidis, 2016). Technology alone will not eliminate human error in cybersecurity.…”

Botching Human Factors in Cybersecurity in Business Organizations

“…A further cost-focused and business economical focused approach is presented by [40] who resort to a meta-discussion of involved human factors in deriving various business economical figures related to security aspects. Unfortunately, what is yet missing in approach is a clear mathematical formalization of underlying mathematical problems and a formalized description to apply their derived cost metrics to an IT security scenario.…”

Selection of Pareto-efficient response plans based on financial and operational assessments

A Framework of Information Security Integrated with Human Factors