A Cyber-Security Culture Framework for Assessing Organization Readiness

2020 ◽  
pp. 1-11
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Kanaris Bounas ◽  
Dimitrios Askounis
Keyword(s):  
Cyber Security ◽  
Security Culture

scholarly journals Leveraging human factors in cybersecurity: an integrated methodological approach

2021 ◽  
Author(s):  
Alessandro Pollini ◽  
Tiziana C. Callari ◽  
Alessandra Tedeschi ◽  
Daniele Ruscio ◽  
Luca Save ◽  
...  
Keyword(s):  
Human Factors ◽  
Cyber Security ◽  
Quantitative Research ◽  
Methodological Approach ◽  
Quantitative Research Methods ◽  
Security Culture ◽  
Technological Factors ◽  
Qualitative And Quantitative ◽  
The Individual ◽  
Technical Solutions

AbstractComputer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

Cyber risk management in SMEs: insights from industry surveys

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Felicitas Hoppe ◽  
Nadine Gatzert ◽  
Petra Gruner
Keyword(s):  
Risk Management ◽  
Cyber Security ◽  
Future Research ◽  
Management Process ◽  
Content Type ◽  
Security Culture ◽  
Current State ◽  
Enterprise Risk ◽  
Risk Management Process ◽  
Cyber Risk

PurposeThis article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.Design/methodology/approachThis is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.FindingsThe results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.Originality/valueThis paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.

scholarly journals Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework

Sensors ◽  
2021 ◽  
Vol 21 (9) ◽  
pp. 3267
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Dimitris Askounis
Keyword(s):  
Cyber Security ◽  
Common Knowledge ◽  
Holistic Approach ◽  
Security Assessment ◽  
Current Application ◽  
Industrial Control Systems ◽  
Holistic View ◽  
Security Culture ◽  
Individual Culture ◽  
Systems Model

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures. Its innovative approach has been broadly welcomed by both vendors and enterprise customers in the industry. Its usage extends from adversary emulation, red teaming, behavioral analytics development to a defensive gap and SOC (Security Operations Center) maturity assessment. While extensive research has been done on analyzing specific attacks or specific organizational culture and human behavior factors leading to such attacks, a holistic view on the association of both is currently missing. In this paper, we present our research results on associating a comprehensive set of organizational and individual culture factors (as described on our developed cyber-security culture framework) with security vulnerabilities mapped to specific adversary behavior and patterns utilizing the MITRE ATT&CK framework. Thus, exploiting MITRE ATT&CK’s possibilities towards a scientific direction that has not yet been explored: security assessment and defensive design, a step prior to its current application domain. The suggested cyber-security culture framework was originally designed to aim at critical infrastructures and, more specifically, the energy sector. Organizations of these domains exhibit a co-existence and strong interaction of the IT (Information Technology) and OT (Operational Technology) networks. As a result, we emphasize our scientific effort on the hybrid MITRE ATT&CK for Enterprise and ICS (Industrial Control Systems) model as a broader and more holistic approach. The results of our research can be utilized in an extensive set of applications, including the efficient organization of security procedures as well as enhancing security readiness evaluation results by providing more insights into imminent threats and security risks.

scholarly journals Cyber-Security Culture: Psychological and Legal Aspects

2021 ◽  
Vol 11 (4) ◽  
pp. 207-220
Author(s):  
I.R. Begishev
Keyword(s):  
Cyber Security ◽  
Human Activities ◽  
Legal Aspects ◽  
Modern Human ◽  
Human Interaction ◽  
Personal Life ◽  
Security Culture ◽  
Psychology And Law ◽  
It Systems ◽  
Legislative Framework

Digitalization has become part and parcel of the modern-day human activities. Nowadays it is going into every field of business and personal life. To develop and prosper, most organizations need IT systems, and hence to take the safeguarding of their informational assets seriously. Many of the processes which are essential for securing their IT assets, largely depend on human interaction. This study has attempted to address the culture of cyber-security in the light of psychology and law. The results of the research showed that from the psychological standpoint, the culture of cyber-security involves the willingness on the part of a modern human to overcome the digital expansion by mastering the tools for countering the negative IT factors. In its turn, from the legal standpoint, the culture of cyber-security is based on the legislative framework which regulates the legal relations in the field of cyber-security.

scholarly journals Cyber-Security Culture towards Digital Marketing Communications among Small and Medium-Sized (SME) Entrepreneurs

2021 ◽  
Vol 13 (2) ◽  
pp. 20
Author(s):  
Aiman Huzrin Adleena Huzaizi ◽  
Siti Nor Amalina Ahmad Tajuddin ◽  
Khairul Azam Bahari ◽  
Kamaruzzaman Abdul Manan ◽  
Nur Nadia Abd Mubin
Keyword(s):  
Cyber Security ◽  
Strong Relationship ◽  
Digital Marketing ◽  
Marketing Communications ◽  
Quantitative Methodology ◽  
Security Culture ◽  
Attitudes And Practices ◽  
District Council ◽  
Wide Range ◽  
Level Of Knowledge

Cybersecurity is a multidisciplinary field of study that focuses on preserving and protecting data and information from a wide range of threats and dangers. This study presents a cyber-security culture for assessing the knowledge, attitude and practice towards digital marketing communications among small and medium-sized entrepreneurs. The objectives of this study were to identify the knowledge, attitudes, and practices of cyber-security culture toward digital marketing communications among small and medium-sized entrepreneurs in Selangor, as well as to look into the relationship between knowledge and practice in this area. This study utilized a quantitative methodology in the form of a survey, with respondents being selected at random from a list of numbers and from a box of random numbers. Several lists were generated using Instagram business account listings, telegram entrepreneur groups, the National Entrepreneurs Institute, and the Kuala Selangor District Council webpage for recruiting respondents. From the findings, this study found that there is a strong relationship between the level of knowledge and practices towards cybersecurity in digital marketing communications among small and medium-sized entrepreneurs. The study concluded that good knowledge of cybersecurity is crucial among entrepreneurs for them to establish good practices in managing their business.

scholarly journals Towards Assessing Critical Infrastructures’ Cyber-Security Culture During COVID-19 Crisis: A Tailor-made Survey

2020 ◽  
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Dimitrios Askounis
Keyword(s):  
Cyber Security ◽  
Critical Infrastructures ◽  
Design And Development ◽  
Security Culture ◽  
Expected Outcomes ◽  
Detailed Questionnaire

This paper outlines the design and development of a survey targeting the cyber-security culture assessment of critical infrastructures during the COVID-19 crisis, when living routine was seriously disturbed and working reality fundamentally affected. Its foundations lie on a security culture framework consisted of 10 different security dimensions analysed into 52 domains examined under two different pillars: organizational and individual. In this paper, a detailed questionnaire building analysis is being presented while revealing the aims, goals and expected outcomes of each question. It concludes with the survey implementation and delivery plan following a number of pre-survey stages each serving a specific methodological purpose.

Creating a Cyber Security Culture for Your Water/Waste Water Utility

2016 ◽  
pp. 133-159 ◽  
Author(s):  
Srinivas Panguluri ◽  
Trent D. Nelson ◽  
Richard P. Wyman
Keyword(s):  
Waste Water ◽  
Cyber Security ◽  
Water Utility ◽  
Security Culture ◽  
Water Waste

Toward a U.S. Army Cyber Security Culture

2011 ◽  
Vol 1 (3) ◽  
pp. 70-80 ◽  
Author(s):  
Christopher Paul ◽  
Isaac R. Porche
Keyword(s):  
Change Management ◽  
Cyber Security ◽  
Culture Change ◽  
Security Culture ◽  
Practical Advice ◽  
The Creation ◽  
The U.S ◽  
Change Efforts

One of the reasons offered for gaps in organizations’ cyber security is the lack of a “cyber security culture.” This article defines and explores the concept of cyber security culture within the context of the U.S. Army. It concludes that the Army would benefit from the creation and adoption of a cyber security culture, though it would not be a security panacea. The article concludes by identifying and describing important elements of such a culture and practical advice for approaching culture change. These include: the development of policies that can be understood, adhered to, and enforced; change management efforts that unfreeze current culture, seek change, then refreeze/institutionalize changes; a structure that offers incentives for desired behaviors but also identifies and enforces compliance; and change efforts that emphasize change in knowledge/awareness and in attitude.

The Human Factor at the Center of a Cyber Security Culture

2019 ◽  
Vol 8 (1) ◽  
pp. 51-58
Author(s):  
Sorana CAMPEAN
Keyword(s):  
Cyber Security ◽  
Digital Literacy ◽  
Human Factor ◽  
Public Institutions ◽  
Medium Size ◽  
The European Union ◽  
Ip Address ◽  
Security Culture ◽  
Weakest Link ◽  
Precautionary Measures

With the issuing of the Resolution of 3 October 2017, on the fight against cybercrime, the European Parliament stressed once again that although the awareness about the risk posed by cybercrime has increased, “precautionary measures taken by individual users, public institutions and business, remain wholly inadequate, primarily due to lack of knowledge and resources”. (own emphasis) Consequently, there is a vital need to enable the end-users with easy-to-understand technical terminology, so that the goal becomes to maximise to the greatest extent feasible the human-factor as the strong link at the end of an IP address. Considering also the recent guidelines issued by ENISA on this topic, the paper proposes a simple, easy-to-implement model of a cyber-savvy digital user, as a possible way to approach the overall (mis)interpretation of “the human as the weakest link of cyber security”. Cyber security is often perceived as either belonging to the State or to organizations who can afford to implement it, or it is poorly put in place by small and medium size businesses due to financial constraints. This is, de facto, what is fuelling the perception of human as the weakest link of cyber security. Consequently, cyber security needs more recognition and increased visibility in the European Union. This paper proposes that the best manner to address this is via a human-centered approach to learning, trainings and awareness raising initiatives, tailored to suit all levels of digital literacy and regardless of demographics such as age or level of income.

Sign in / Sign up

Export Citation Format

Share Document