How Management Goes Wrong? – The Human Factor Lessons Learned from a Cyber Incident Handling Exercise

Aoyama, Tomomi; Naruoka, Hidemasa; Koshijima, Ichiro; Watanabe, Kenji

doi:10.1016/j.promfg.2015.07.178

Cited by 5 publications

(2 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Historically, CIS has usually been approached adopting a technology-centric viewpoint, with little – if no – consideration and understanding of the end users’ cognitive processes, needs and motivations (Abawajy 2014 ; Aoyama et al 2015 ; Glaspie 2018 ; Lahcen et al 2018 ). As a consequence, organisations have given great emphasis to technological solutions (e.g., firewalls, antivirus software, and intrusion detection systems) to tackle potential cyber threats (Abawajy 2014 ; Aoyama et al 2015 ; Mouton et al 2016 ; Segovia et al 2017 ). The recent research in cybersecurity widely agrees that a holistic approach as opposed to technical solutions alone is required to contrast cyber-attacks (Al-Darwish and Choe 2019; Bansal et al 2010 ; Corradini, 2020 ; Jeong et al 2019; Eminağaoğlu et al 2009 ).…”

Section: Introductionmentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

show abstract

Section: Introductionmentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Due to its low cost, most training courses are designed to improve employees' security awareness and reduce human errors. Aoyama et al summarized that most teams have experienced similar management challenges, and the management challenges observed in incident handling training are possible challenges in real-world cyber incident management [12]. The demand for SETA implementation in industries is increasing, and some authoritative organizations are providing training in cyber incident handling.…”

Section: Difficulties In Seta Implementationmentioning

confidence: 99%

An Exploratory Study on Sustaining Cyber Security Protection through SETA Implementation

et al. 2022

View full text Add to dashboard Cite

It is undeniable that most business organizations rely on the Internet to conduct their highly competitive businesses nowadays. Cyber security is one of the important elements for companies to guarantee the normal operation of their business activities. However, there is no panacea in cyber security protection. Common security practices used are to deploy hardware and software security protection tools to combat the known security threats which may become more and more powerful later. In fact, the attackers and security practitioners are at war from time to time. As a result, such a tools-based security protection strategy cannot be sustained. On the other hand, the related awareness training for employees is ignored in a number of companies, which has made biased the decisions made by staff when facing cyber security breaches. In this study, in order to find ways to sustain such protection, we conduct a quantitative analysis to explore the key elements contributing to the SETA implementation of the companies and organizations. We evaluate the performances of eight supervised learning models in a dataset collected from cyber security breach surveys on UK businesses to perform a fundamental analysis. The detailed analysis is performed via the feature importance of features generated in the model with better performance in the task of detecting the companies and organizations with SETA implementation. The experiment result shows that the awareness related factors play the most significant role in the SETA implementation decision-making for the businesses, and most of the businesses are lacking the awareness to prevent the potential cyber security risks in the stuff using externally-hosted web services and products as well as services depending on online services.

show abstract

Developing a Cyber Incident Communication Management Exercise for CI Stakeholders

Aoyama

Watanabe

Koshijima

et al. 2017

Critical Information Infrastructures Security

View full text Add to dashboard Cite

How Management Goes Wrong? – The Human Factor Lessons Learned from a Cyber Incident Handling Exercise

Cited by 5 publications

References 2 publications

Leveraging human factors in cybersecurity: an integrated methodological approach

Leveraging human factors in cybersecurity: an integrated methodological approach

An Exploratory Study on Sustaining Cyber Security Protection through SETA Implementation

Developing a Cyber Incident Communication Management Exercise for CI Stakeholders

Contact Info

Product

Resources

About