Security-Related Stress: A Perspective on Information Security Risk Management

Lundgren, Martin; Bergström, Erik

doi:10.1109/cybersecpods.2019.8884877

Cited by 4 publications

(3 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead, cybersecurity risk management may overload the agile method since additional requirements introduced between sprints must be assessed [2,3,29,30]. Indeed, cybersecurity risk management activities can consume a lot of time [31,32], which has been reported as a potential stressor for practitioners with little or no previous experience within cybersecurity [33]. We denote this challenge as C 1 .…”

Section: Software Development Life Cyclementioning

confidence: 99%

Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams

Salin

Lundgren

2022

JCP

Self Cite

View full text Add to dashboard Cite

In this study, a framework was developed, based on a literature review, to help managers incorporate cybersecurity risk management in agile development projects. The literature review used predefined codes that were developed by extending previously defined challenges in the literature—for developing secure software in agile projects—to include aspects of agile cybersecurity risk management. Five steps were identified based on the insights gained from how the reviewed literature has addressed each of the challenges: (1) risk collection; (2) risk refinement; (3) risk mitigation; (4) knowledge transfer; and (5) escalation. To assess the appropriateness of the identified steps, and to determine their inclusion or exclusion in the framework, a survey was submitted to 145 software developers using a four-point Likert scale to measure the attitudes towards each step. The resulting framework presented herein serves as a starting point to help managers and developers structure their agile projects in terms of cybersecurity risk management, supporting less overloaded agile processes, stakeholder insights on relevant risks, and increased security assurance.

show abstract

Section: Software Development Life Cyclementioning

confidence: 99%

Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams

Salin

Lundgren

2022

JCP

Self Cite

View full text Add to dashboard Cite

show abstract

“…Technostress is defined as psychosomatic illness caused by working with computer technology daily, or the negative psychological link between people and the introduction of new technologies (Wikipedia 2019). The fast-paced workplace, and the continuous changing technological landscape at workplace is shown to cause technostress (Ayyagari R. et al, 2011, Tarafdar, M., Tu, Q., and Ragu-Nathan, T.S., 2010, Lundgren M., and Bergstrom, E., 2019. Workplace-related stress and technostress should be minimised, and this can be achieved by ensuring that operators are not overwhelmed with endless activities and that there is a work life balance.…”

Section: ○ Stressmentioning

confidence: 99%

Multidimensional Cybersecurity Framework for Strategic Foresight

Onwubiko¹,

Ouazzane²

2022

IJCSA

View full text Add to dashboard Cite

Cybersecurity is now at the forefront of most organisations’ digital transformative agendas and National economic, social and political programmes. Hence its impact to society can no longer be seen to be one dimensional. The rise in National cybersecurity laws and regulations is a good indicator of its perceived importance to nations. And the recent awakening for social and ethical transparency in society and coupled with sustainability issues demonstrate the need for a paradigm shift in how cybersecurity discourses can now happen. In response to this shift, a multidimensional cybersecurity framework for strategic foresight underpinned on situational awareness is proposed. The conceptual cybersecurity framework comprising six domains – Physical, Cultural, Economic, Social, Political and Cyber – is discussed. The guiding principles underpinning the framework are outlined, followed by in-depth reflection on the Business, Operational, Technological and Human (BOTH) factors and their implications for strategic foresight for cybersecurity.

show abstract

“…Security controls are typically identified and selected as a result of a risk assessment, often requiring a broad set of skills and knowhow [5][6][7], as it aims to maximize resource allocation as well as benefit the security controls offered in assisting (rather than burdening) organizational operation and development [8]. However, adoption of new security controls often means changes to the organization's environment, which is not always perceived as useful, depending on the organization's change-readiness [9].…”

Section: Introductionmentioning

confidence: 99%

A Gap Analysis of the Adoption Maturity of Certificateless Cryptography in Cooperative Intelligent Transportation Systems

Salin,

Lundgren

2023

JCP

Self Cite

View full text Add to dashboard Cite

Cooperative Intelligent Transport Systems (C-ITSs) are an important development for society. C-ITSs enhance road safety, improve traffic efficiency, and promote sustainable transportation through interconnected and intelligent communication between vehicles, infrastructure, and traffic-management systems. Many real-world implementations still consider traditional Public Key Infrastructures (PKI) as the underlying trust model and security control. However, there are challenges with the PKI-based security control from a scalability and revocation perspective. Lately, certificateless cryptography has gained research attention, also in conjunction with C-ITSs, making it a new type of security control to be considered. In this study, we use certificateless cryptography as a candidate to investigate factors affecting decisions (not) to adopt new types of security controls, and study its current gaps, key challenges and possible enablers which can influence the industry. We provide a qualitative study with industry specialists in C-ITSs, combined with a literature analysis of the current state of research in certificateless cryptographic in C-ITS. It was found that only 53% of the current certificateless cryptography literature for C-ITSs in 2022–2023 provide laboratory testing of the protocols, and 0% have testing in real-world settings. However, the trend of research output in the field has been increasing linearly since 2016 with more than eight times as many articles in 2022 compared to 2016. Based on our analysis, using a five-phased Innovation-Decision Model, we found that key reasons affecting adoption are: availability of proof-of-concepts, knowledge beyond current best practices, and a strong buy-in from both stakeholders and standardization bodies.

show abstract

Security-Related Stress: A Perspective on Information Security Risk Management

Cited by 4 publications

References 40 publications

Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams

Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams

Multidimensional Cybersecurity Framework for Strategic Foresight

A Gap Analysis of the Adoption Maturity of Certificateless Cryptography in Cooperative Intelligent Transportation Systems

Contact Info

Product

Resources

About