The Concept of Cybersecurity Culture

Reegård, Kine; Blackett, Claire; Katta, Vikash

doi:10.3850/978-981-11-2724-3_0761-cd

Cited by 23 publications

(16 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…That all these improvement measures required management buy-in in terms of resource approval, budget allocation, and prioritizing cybersecurity measures does not seem to have been transparent or perceived. Thus, this finding supports earlier research that a cybersecurity culture not only needs to be built and maintained but, very importantly, changes and activities communicated openly and clearly (Uchendu et al , 2021; Alshaikh, 2020; Reegård et al , 2019).…”

Section: Analysis Of Resultssupporting

confidence: 90%

Determining cybersecurity culture maturity and deriving verifiable improvement measures

Dornheim,

Zarnekow

2023

ICS

View full text Add to dashboard Cite

Purpose The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company. Design/methodology/approach Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in. Findings Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved. Originality/value This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.

show abstract

Section: Analysis Of Resultssupporting

confidence: 90%

Determining cybersecurity culture maturity and deriving verifiable improvement measures

Dornheim,

Zarnekow

2023

ICS

View full text Add to dashboard Cite

show abstract

“…As a result, knowledge and attitudes are two critical pillars in establishing cybersecurity culture, which will then support cybersecurity best practices (Reegå rd et al, 2019) which were the focus of this present study.…”

Section: Background Of the Studymentioning

confidence: 93%

Cyber-Security Culture towards Digital Marketing Communications among Small and Medium-Sized (SME) Entrepreneurs

Huzaizi¹,

Tajuddin²,

Manan³

et al. 2021

ACH

View full text Add to dashboard Cite

Cybersecurity is a multidisciplinary field of study that focuses on preserving and protecting data and information from a wide range of threats and dangers. This study presents a cyber-security culture for assessing the knowledge, attitude and practice towards digital marketing communications among small and medium-sized entrepreneurs. The objectives of this study were to identify the knowledge, attitudes, and practices of cyber-security culture toward digital marketing communications among small and medium-sized entrepreneurs in Selangor, as well as to look into the relationship between knowledge and practice in this area. This study utilized a quantitative methodology in the form of a survey, with respondents being selected at random from a list of numbers and from a box of random numbers. Several lists were generated using Instagram business account listings, telegram entrepreneur groups, the National Entrepreneurs Institute, and the Kuala Selangor District Council webpage for recruiting respondents. From the findings, this study found that there is a strong relationship between the level of knowledge and practices towards cybersecurity in digital marketing communications among small and medium-sized entrepreneurs. The study concluded that good knowledge of cybersecurity is crucial among entrepreneurs for them to establish good practices in managing their business.

show abstract

“…Cybersecurity threats take many forms [2,3], from accidental data leaking to different forms of social engineering, ransomware, exploiting software vulnerabilities, and dis-tributed denial of service attacks (Figure 1). The best company's strategy against attacks is a multi-layered approach that includes several activities and practices that encompass the entire organization and can help reduce the risk of successful attacks and minimize the impact of any attacks that do occur [4]. While some of these activities can be easily done by laypeople and multi-tasking managers of small companies (patching and updating software and setting authentication with strong passwords), others require knowledge and experience (for example, vulnerability testing or network segmentation).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…In this paper, we primarily focus on the actions of black-hat hackers who seek to exploit cybersecurity vulnerabilities for malicious purposes. This approach will allow for the examination of the most pressing cybersecurity challenges faced by SMEs and the development of awareness of defensive strategies that are both effective and feasible for managers with varying levels of cybersecurity expertise [3,4]. However, it is also assumed that the hacker has a type, which, in this case, presumes a form of specialization.…”

Section: Game Settingmentioning

confidence: 99%

“…The array of cybersecurity threats that SMEs face is vast and varied, encompassing everything from the psychological manipulations of social engineering to the technical exploits of software vulnerabilities and the overwhelming assaults of distributed denial of service (DDoS) attacks [3][4][5]. Each type of threat demands a tailored strategic response, highlighting the paramount importance of human factors-particularly managerial awareness-in successfully identifying, preventing, and mitigating cyber threats.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach

Kostelić

2024

Games

View full text Add to dashboard Cite

Awareness and human factors are becoming ever more important in cybersecurity, particularly in the context of small companies that may need more resources to deal with cybersecurity effectively. This paper introduces a theoretical framework for game analysis of the role of awareness in strategic interactions between the manager and a hacker. A computable approach is proposed based on Bayesian updating to model awareness in a cybersecurity context. The process of gaining awareness considers the manager’s perception of the properties of the hacker’s actions, game history, and common knowledge. The role of awareness in strategy choices and outcomes is analyzed and simulated, providing insights into decision-making processes for managers and highlighting the need to consider probabilistic assessments of threats and the effectiveness of countermeasures. The accuracy of the initial frequencies plays a significant role in the manager’s success, with aligned frequencies leading to optimal results. Inaccurate information on prior frequencies still outperforms complete uncertainty, emphasizing the value of any available intelligence. However, the results suggest that other awareness modeling approaches are necessary to enhance the manager’s agility and adaptiveness when the prior frequencies do not reflect the immediate attacker’s type, indicating the need for improved intelligence about cyber-attacks and examinations of different awareness modeling approaches.

show abstract

The Concept of Cybersecurity Culture

Cited by 23 publications

References 0 publications

Determining cybersecurity culture maturity and deriving verifiable improvement measures

Determining cybersecurity culture maturity and deriving verifiable improvement measures

Cyber-Security Culture towards Digital Marketing Communications among Small and Medium-Sized (SME) Entrepreneurs

Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach

Contact Info

Product

Resources

About