Risk and the Five Hard Problems of Cybersecurity

Scala, Natalie M.; Reilly, Allison; Goethals, Paul L.; Cukier, Michel

doi:10.1111/risa.13309

Cited by 36 publications

(12 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In terms of internal validity, it means that focusing only on one level of the problem can lead the researcher to exclude alternative explanations for a given finding (e.g., influence of organisational culture) (Turner et al 2017 ). A multiple-method approach can provide more complex results to handle, but at the same time it enables the triangulation of different sources for a more complex view of the phenomena (Driscoll et al 2007 ) and allows for the integration of additional aspects that are as important as the individual level (Scala et al 2019 ) in assessing CIS in organisations. The qualitative and the quantitative methods derived from HERMENEUT methodology and used in the present study are presented in Table 2 .…”

Section: Methodsmentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

show abstract

Section: Methodsmentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The study of governance of cybersecurity requires interdisciplinary research [30] drawing, among others, from governance theory, actor-network theory, and the study of sociotechnical regimes [35]. Research on Internet governance has already utilised actor-network theory and interpretative policy analysis to conceptualise multi-stakeholder arrangements engaging heterogeneous actors [36,37].…”

Section: Methodsmentioning

confidence: 99%

“…This partial list provides just a glimpse into the governance challenges of cybersecurity collaboration. The challenge is much more extensive, which explains why policy-governed (and not technology-driven) and secure collaboration is defined by the Science of Security initiative of the US National Security Agency as one of the top five 'hard problems' of cybersecurity [30].…”

Section: Introductionmentioning

confidence: 99%

Towards the Design of a Collaborative Cybersecurity Networked Organisation: Identification and Prioritisation of Governance Needs and Objectives

Тагарев

2020

Future Internet

View full text Add to dashboard Cite

The effective response to the proliferation and growing diversity and sophistication of cyber threats requires a broad spectrum of competencies, human, technological and financial resources that are in the powers of very few countries. The European Union is addressing this challenge through an initiative to establish one or more cybersecurity competence networks. A number of existing technologies can support collaboration in networked organisations; however, network governance remains a challenge. The study presented in this article aimed to identify and prioritise network governance issues. Towards that purpose, qualitative and quantitative methods were applied in the analysis of norms and regulations, statutory documents of existing networks, academic sources and interviews with representatives of funding organisations and potential major customers. The comprehensiveness and complementarity of these primary sources allowed to identify 33 categories of governance issues and group them in four tiers, indicative of the respective priority level. The results of the study are currently used to inform and orient the development of alternative models for governance of a cybersecurity network and a set of criteria for their evaluation. They will support informed decision-making on the most appropriate governance model of a future networked organisation, evolving from a project consortium.

show abstract

“…Ecuador remains a country that is developing at the level of ICT [22]., It is for this inexperience, which is considered most work systems and cyber security risk [23].…”

Section: Comparative Methodology Owasp Top Tenmentioning

confidence: 99%

Analysis of Vulnerabilities, Risks and Threats in the Process of Quota Allocation for the State University of Ecuador

Toapanta¹,

Henriquez²,

Gallegos³

2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

Different models and standards of information security were analyzed, to adopt a model that mitigates vulnerabilities, risks and threats in the quota allocation process for the State University in Ecuador. The main objective is defining a prototype for the management of processes and information security in this type of organization. It was used the deductive and exploratory research method to analyze the information in the references. In this work, the characteristics of the attacks were analyzed. It turned out a model performs the detection and defense of attacks based on the differences in data and time between them and the browsing behavior of normal users. It was concluded that the prototypes presented as results are an alternative to improve the security of the processes and the flow of information and that these can be used as a reference in this type of organization.

show abstract

Risk and the Five Hard Problems of Cybersecurity

Cited by 36 publications

References 29 publications

Leveraging human factors in cybersecurity: an integrated methodological approach

Leveraging human factors in cybersecurity: an integrated methodological approach

Towards the Design of a Collaborative Cybersecurity Networked Organisation: Identification and Prioritisation of Governance Needs and Objectives

Analysis of Vulnerabilities, Risks and Threats in the Process of Quota Allocation for the State University of Ecuador

Contact Info

Product

Resources

About