The Human Factor in Cybersecurity: Robust &amp; Intelligent Defense

Marble, Julie L.; Lawless, William F.; Mittu, Ranjeev; Coyne, Joseph T.; Abramson, Myriam; Sibley, Ciara

doi:10.1007/978-3-319-14039-1_9

Cited by 24 publications

(9 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The "Organizational" category includes capabilities related to nontechnological factors, processes, risk management, and human factors. A large body of literature has investigated the role of human factors and awareness on information security or cybersecurity [55][56][57]. The "Technical" category comprises focus areas that require technical capabilities to become mature.…”

Section: Identifying the Dependencies And Positioning The Capabilitiementioning

confidence: 99%

The Cybersecurity Focus Area Maturity (CYSFAM) Model

Özkan

Lingen

Spruit

2021

JCP

View full text Add to dashboard Cite

The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.

show abstract

Section: Identifying the Dependencies And Positioning The Capabilitiementioning

confidence: 99%

The Cybersecurity Focus Area Maturity (CYSFAM) Model

Özkan

Lingen

Spruit

2021

JCP

View full text Add to dashboard Cite

show abstract

“…Employees should be good team workers and system thinkers. They should also have the necessary technical skills, be able to communicate information to common people, be determined to fulfill their duty, be able to learn continuously (Marble et al, 2015; Dawson and Thomson, 2018), and be well informed about their company’s cybersecurity policy (Li et al, 2019). Employees with higher threat awareness and countermeasure awareness perform better in cybersecurity tasks (Torten et al, 2018).…”

Section: Human Factor In Autonomous Vehicle Cybersecuritymentioning

confidence: 99%

Human Factors in the Cybersecurity of Autonomous Vehicles: Trends in Current Research

et al. 2019

View full text Add to dashboard Cite

The cybersecurity of autonomous vehicles (AVs) is an important emerging area of research in traffic safety. Because human failure is the most common reason for a successful cyberattack, human-factor researchers and psychologists might improve AV cybersecurity by researching how to decrease the probability of a successful attack. We review some areas of research connected to the human factor in cybersecurity and find many potential issues. Psychologists might research the characteristics of people prone to cybersecurity failure, the types of scenarios they fail in and the factors that influence this failure or over-trust of AV. Human behavior during a cyberattack might be researched, as well as how to educate people about cybersecurity. Multitasking has an effect on the ability to defend against a cyberattack and research is needed to set the appropriate policy. Human-resource researchers might investigate the skills required for personnel working in AV cybersecurity and how to detect potential defectors early. The psychological profile of cyber attackers should be investigated to be able to set policies to decrease their motivation. Finally, the decrease of driver’s driving skills as a result of using AV and its connection to cybersecurity skills is also worth of research.

show abstract

“…Since computer security is not just about technology and systems, but it is also about the people who use these systems, so scholars repeatedly highlight the extreme importance of human factors in cybersecurity systems (Quigley, 2015;Hadlington, 2017;Marble et al, 2015;Yan et al, 2018, and etc. ).…”

Section: Introductionmentioning

confidence: 99%

“…J. Marble et al (2015) analyze the role of cyberattack participants (attackers and defenders). The authors emphasize that the lack of awareness of cyberthreats by users and the complexity of the new cyber environment are the key reasons for successful cyberattacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Psycholinguistic Aspects of Humanitarian Component of Cybersecurity

Krylova-Grek

2019

Psycholing.

View full text Add to dashboard Cite

Introduction. The paper focuses on language means exploited by social engineers in their activities in terms of humanitarian aspects of cybersecurity. The goal of this research is to analyze the methods and techniques employed by social engineers in their malicious activity and its features from a psycholinguistic point of view for further development of counteraction mechanisms. Methods. To obtain results we used the following methods: primary source analysis, analysis of spoken and written speech and speech products, and intent analysis. Results. The activity theory has been successfully applied to consider the key features of social engineers’ work. On the base of AT we presented a three-component model which we may consider only in the case of a social engineer’s successful attack (action). Based on the analysis of the sources, we distinguished the types of spoken and written communication actions (these types correspond to direct and indirect actions), used by social engineers to affect the cognitive processes for retrieving “sensitive data” and confidential information. Besides, we also categorized psychological and language means, which social engineers evidently apply in their activities. We stress that in most cases social engineers’ activities are aimed at a) affecting the person’s emotions and feelings; b) blocking rational and critical thinking; c) manipulating moral and ethic values, and d) using positive incentives that have an interest to a user. Taking into account the abovementioned types of communication, psychological and language means, we systematized and described the general techniques of using oral and written forms of language and technologies: 1) techniques related to the use of spoken speech; 2) techniques related to the use of written speech; 3) techniques related to the use of USB flash drives, applications, and program software. The findings are applicable for developing a mechanism to counter social engineers’ attacks and contribute to improving the level of cyber literacy.

show abstract

The Human Factor in Cybersecurity: Robust & Intelligent Defense

Cited by 24 publications

References 28 publications

The Cybersecurity Focus Area Maturity (CYSFAM) Model

The Cybersecurity Focus Area Maturity (CYSFAM) Model

Human Factors in the Cybersecurity of Autonomous Vehicles: Trends in Current Research

Psycholinguistic Aspects of Humanitarian Component of Cybersecurity

Contact Info

Product

Resources

About