scholarly journals Developing a Cyber Security Culture: Current Practices and Future Needs

2021 ◽  
pp. 102387
Author(s):  
Betsy Uchendu ◽  
Jason R.C. Nurse ◽  
Maria Bada ◽  
Steven Furnell
Keyword(s):  
Cyber Security ◽  
Security Culture ◽  
Future Needs ◽  
Current Practices

scholarly journals Leveraging human factors in cybersecurity: an integrated methodological approach

2021 ◽  
Author(s):  
Alessandro Pollini ◽  
Tiziana C. Callari ◽  
Alessandra Tedeschi ◽  
Daniele Ruscio ◽  
Luca Save ◽  
...  
Keyword(s):  
Human Factors ◽  
Cyber Security ◽  
Quantitative Research ◽  
Methodological Approach ◽  
Quantitative Research Methods ◽  
Security Culture ◽  
Technological Factors ◽  
Qualitative And Quantitative ◽  
The Individual ◽  
Technical Solutions

AbstractComputer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

Cybersecurity Teamwork: A Review of Current Practices and Suggested Improvements

2020 ◽  
Vol 64 (1) ◽  
pp. 451-455
Author(s):  
Richard J. Simonson ◽  
Joseph R. Keebler ◽  
Mathew Lessmiller ◽  
Tyson Richards ◽  
John C. Lee
Keyword(s):  
Cyber Security ◽  
Cyber Attacks ◽  
Team Science ◽  
The Past ◽  
Insight Into ◽  
Current Practices

As cyber-attacks and their subsequent responses have become more frequent and complex over the past decade, research into the performance and effectiveness of cybersecurity teams has gained an immense amount of traction. However, investigation of teamwork in this domain is lacking due to the exclusion of known team competencies and a lack of reliance on team science. This paper serves to provide insight into the benefit that can be gained from utilizing the extant teamwork literature to improve teams’ research and applications in the domain of cyber-security.

Cyber risk management in SMEs: insights from industry surveys

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Felicitas Hoppe ◽  
Nadine Gatzert ◽  
Petra Gruner
Keyword(s):  
Risk Management ◽  
Cyber Security ◽  
Future Research ◽  
Management Process ◽  
Content Type ◽  
Security Culture ◽  
Current State ◽  
Enterprise Risk ◽  
Risk Management Process ◽  
Cyber Risk

PurposeThis article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.Design/methodology/approachThis is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.FindingsThe results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.Originality/valueThis paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.

A Cyber-Security Culture Framework for Assessing Organization Readiness

2020 ◽  
pp. 1-11
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Kanaris Bounas ◽  
Dimitrios Askounis
Keyword(s):  
Cyber Security ◽  
Security Culture

scholarly journals Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework

Sensors ◽  
2021 ◽  
Vol 21 (9) ◽  
pp. 3267
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Dimitris Askounis
Keyword(s):  
Cyber Security ◽  
Common Knowledge ◽  
Holistic Approach ◽  
Security Assessment ◽  
Current Application ◽  
Industrial Control Systems ◽  
Holistic View ◽  
Security Culture ◽  
Individual Culture ◽  
Systems Model

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures. Its innovative approach has been broadly welcomed by both vendors and enterprise customers in the industry. Its usage extends from adversary emulation, red teaming, behavioral analytics development to a defensive gap and SOC (Security Operations Center) maturity assessment. While extensive research has been done on analyzing specific attacks or specific organizational culture and human behavior factors leading to such attacks, a holistic view on the association of both is currently missing. In this paper, we present our research results on associating a comprehensive set of organizational and individual culture factors (as described on our developed cyber-security culture framework) with security vulnerabilities mapped to specific adversary behavior and patterns utilizing the MITRE ATT&CK framework. Thus, exploiting MITRE ATT&CK’s possibilities towards a scientific direction that has not yet been explored: security assessment and defensive design, a step prior to its current application domain. The suggested cyber-security culture framework was originally designed to aim at critical infrastructures and, more specifically, the energy sector. Organizations of these domains exhibit a co-existence and strong interaction of the IT (Information Technology) and OT (Operational Technology) networks. As a result, we emphasize our scientific effort on the hybrid MITRE ATT&CK for Enterprise and ICS (Industrial Control Systems) model as a broader and more holistic approach. The results of our research can be utilized in an extensive set of applications, including the efficient organization of security procedures as well as enhancing security readiness evaluation results by providing more insights into imminent threats and security risks.

scholarly journals Cyber-Security Culture: Psychological and Legal Aspects

2021 ◽  
Vol 11 (4) ◽  
pp. 207-220
Author(s):  
I.R. Begishev
Keyword(s):  
Cyber Security ◽  
Human Activities ◽  
Legal Aspects ◽  
Modern Human ◽  
Human Interaction ◽  
Personal Life ◽  
Security Culture ◽  
Psychology And Law ◽  
It Systems ◽  
Legislative Framework

Digitalization has become part and parcel of the modern-day human activities. Nowadays it is going into every field of business and personal life. To develop and prosper, most organizations need IT systems, and hence to take the safeguarding of their informational assets seriously. Many of the processes which are essential for securing their IT assets, largely depend on human interaction. This study has attempted to address the culture of cyber-security in the light of psychology and law. The results of the research showed that from the psychological standpoint, the culture of cyber-security involves the willingness on the part of a modern human to overcome the digital expansion by mastering the tools for countering the negative IT factors. In its turn, from the legal standpoint, the culture of cyber-security is based on the legislative framework which regulates the legal relations in the field of cyber-security.

scholarly journals Cyber-Security Culture towards Digital Marketing Communications among Small and Medium-Sized (SME) Entrepreneurs

2021 ◽  
Vol 13 (2) ◽  
pp. 20
Author(s):  
Aiman Huzrin Adleena Huzaizi ◽  
Siti Nor Amalina Ahmad Tajuddin ◽  
Khairul Azam Bahari ◽  
Kamaruzzaman Abdul Manan ◽  
Nur Nadia Abd Mubin
Keyword(s):  
Cyber Security ◽  
Strong Relationship ◽  
Digital Marketing ◽  
Marketing Communications ◽  
Quantitative Methodology ◽  
Security Culture ◽  
Attitudes And Practices ◽  
District Council ◽  
Wide Range ◽  
Level Of Knowledge

Cybersecurity is a multidisciplinary field of study that focuses on preserving and protecting data and information from a wide range of threats and dangers. This study presents a cyber-security culture for assessing the knowledge, attitude and practice towards digital marketing communications among small and medium-sized entrepreneurs. The objectives of this study were to identify the knowledge, attitudes, and practices of cyber-security culture toward digital marketing communications among small and medium-sized entrepreneurs in Selangor, as well as to look into the relationship between knowledge and practice in this area. This study utilized a quantitative methodology in the form of a survey, with respondents being selected at random from a list of numbers and from a box of random numbers. Several lists were generated using Instagram business account listings, telegram entrepreneur groups, the National Entrepreneurs Institute, and the Kuala Selangor District Council webpage for recruiting respondents. From the findings, this study found that there is a strong relationship between the level of knowledge and practices towards cybersecurity in digital marketing communications among small and medium-sized entrepreneurs. The study concluded that good knowledge of cybersecurity is crucial among entrepreneurs for them to establish good practices in managing their business.

scholarly journals Towards Assessing Critical Infrastructures’ Cyber-Security Culture During COVID-19 Crisis: A Tailor-made Survey

2020 ◽  
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Dimitrios Askounis
Keyword(s):  
Cyber Security ◽  
Critical Infrastructures ◽  
Design And Development ◽  
Security Culture ◽  
Expected Outcomes ◽  
Detailed Questionnaire

This paper outlines the design and development of a survey targeting the cyber-security culture assessment of critical infrastructures during the COVID-19 crisis, when living routine was seriously disturbed and working reality fundamentally affected. Its foundations lie on a security culture framework consisted of 10 different security dimensions analysed into 52 domains examined under two different pillars: organizational and individual. In this paper, a detailed questionnaire building analysis is being presented while revealing the aims, goals and expected outcomes of each question. It concludes with the survey implementation and delivery plan following a number of pre-survey stages each serving a specific methodological purpose.

Sign in / Sign up

Export Citation Format

Share Document