scholarly journals Towards Assessing Critical Infrastructures’ Cyber-Security Culture During COVID-19 Crisis: A Tailor-made Survey

2020 ◽  
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Dimitrios Askounis
Keyword(s):  
Cyber Security ◽  
Critical Infrastructures ◽  
Design And Development ◽  
Security Culture ◽  
Expected Outcomes ◽  
Detailed Questionnaire

This paper outlines the design and development of a survey targeting the cyber-security culture assessment of critical infrastructures during the COVID-19 crisis, when living routine was seriously disturbed and working reality fundamentally affected. Its foundations lie on a security culture framework consisted of 10 different security dimensions analysed into 52 domains examined under two different pillars: organizational and individual. In this paper, a detailed questionnaire building analysis is being presented while revealing the aims, goals and expected outcomes of each question. It concludes with the survey implementation and delivery plan following a number of pre-survey stages each serving a specific methodological purpose.

scholarly journals Designing a Cyber-security Culture Assessment Survey Targeting Critical Infrastructures During Covid-19 Crisis

2021 ◽  
Vol 13 (1) ◽  
pp. 33-50 ◽  
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Dimitris Askounis
Keyword(s):  
Working Conditions ◽  
Cyber Security ◽  
Critical Infrastructures ◽  
Global Crisis ◽  
Security Culture ◽  
Implementation Approach ◽  
Assessment Survey

The paper at hand presents the design of a survey aiming at the cyber-security culture assessment of critical infrastructures during the COVID-19 crisis, when living reality was heavily disturbed and working conditions fundamentally affected. The survey is rooted in a security culture framework layered into two levels, organizational and individual, further analyzed into 10 different security dimensions consisted of 52 domains. An in-depth questionnaire building analysis is presented focusing on the aims, goals, and expected results. It concludes with the survey implementation approach while underlining the framework’s first application and its revealing insights during a global crisis.

scholarly journals Leveraging human factors in cybersecurity: an integrated methodological approach

2021 ◽  
Author(s):  
Alessandro Pollini ◽  
Tiziana C. Callari ◽  
Alessandra Tedeschi ◽  
Daniele Ruscio ◽  
Luca Save ◽  
...  
Keyword(s):  
Human Factors ◽  
Cyber Security ◽  
Quantitative Research ◽  
Methodological Approach ◽  
Quantitative Research Methods ◽  
Security Culture ◽  
Technological Factors ◽  
Qualitative And Quantitative ◽  
The Individual ◽  
Technical Solutions

AbstractComputer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

scholarly journals Cybersecurity als Unternehmensleitungsaufgabe

2021 ◽  
Keyword(s):  
Cyber Security ◽  
Personal Data ◽  
Third Parties ◽  
Law School ◽  
The Other ◽  
Critical Infrastructures ◽  
Labour Law ◽  
Special Obligations ◽  
The One ◽  
Liability Risks

Cybersecurity is a central challenge for many companies. On the one hand, companies have to protect themselves against cyberattacks; on the other hand, they have special obligations towards third parties and the state in critical infrastructures or when dealing with personal data. These responsibilities converge with company management. This volume examines the duties and liability risks of management in connection with cyber security from the perspective of corporate, constitutional and labour law. The volume is based on a conference of the same name, which took place in cooperation with the Friedrich Naumann Stiftung für die Freiheit on 23 and 24 October 2020 at Bucerius Law School in Hamburg. With contributions by Andreas Beyer, Marc Bittner, Alexander Brüggemeier, Anabel Guntermann, Katrin Haußmann, Dennis-Kenji Kipker, Christoph Benedikt Müller, Isabella Risini, Darius Rostam, Sarah Schmidt-Versteyl and Gerald Spindler.

Cyber risk management in SMEs: insights from industry surveys

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Felicitas Hoppe ◽  
Nadine Gatzert ◽  
Petra Gruner
Keyword(s):  
Risk Management ◽  
Cyber Security ◽  
Future Research ◽  
Management Process ◽  
Content Type ◽  
Security Culture ◽  
Current State ◽  
Enterprise Risk ◽  
Risk Management Process ◽  
Cyber Risk

PurposeThis article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions.Design/methodology/approachThis is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified.FindingsThe results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable.Originality/valueThis paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.

SCADA Systems Cyber Security for Critical Infrastructures

2020 ◽  
pp. 446-464
Author(s):  
Suhaila Ismail ◽  
Elena Sitnikova ◽  
Jill Slay
Keyword(s):  
Decision Making ◽  
Data Acquisition ◽  
Case Studies ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
Physical Injury ◽  
The Public ◽  
Psychological Theories ◽  
Scada Systems

Past cyber-attacks on Supervisory Control and Data Acquisition (SCADA) Systems for Critical infrastructures have left these systems compromised and caused financial and economic problems. Deliberate attacks have resulted in denial of services and physical injury to the public in certain cases. This study explores the past attacks on SCADA Systems by examining nine case studies across multiple utility sectors including transport, energy and water and sewage sector. These case studies will be further analysed according to the cyber-terrorist decision-making theories including strategic, organisational and psychological theories based on McCormick (2000). Next, this study will look into cyber-terrorist capabilities in conducting attacks according to Nelson's (1999) approach that includes simple-unstructured, advance-structured and complex-coordinated capabilities. The results of this study will form the basis of a guideline that organisations can use so that they are better prepared in identifying potential future cybersecurity attacks on their SCADA systems.

A Cyber-Security Culture Framework for Assessing Organization Readiness

2020 ◽  
pp. 1-11
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Kanaris Bounas ◽  
Dimitrios Askounis
Keyword(s):  
Cyber Security ◽  
Security Culture

scholarly journals Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework

Sensors ◽  
2021 ◽  
Vol 21 (9) ◽  
pp. 3267
Author(s):  
Anna Georgiadou ◽  
Spiros Mouzakitis ◽  
Dimitris Askounis
Keyword(s):  
Cyber Security ◽  
Common Knowledge ◽  
Holistic Approach ◽  
Security Assessment ◽  
Current Application ◽  
Industrial Control Systems ◽  
Holistic View ◽  
Security Culture ◽  
Individual Culture ◽  
Systems Model

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures. Its innovative approach has been broadly welcomed by both vendors and enterprise customers in the industry. Its usage extends from adversary emulation, red teaming, behavioral analytics development to a defensive gap and SOC (Security Operations Center) maturity assessment. While extensive research has been done on analyzing specific attacks or specific organizational culture and human behavior factors leading to such attacks, a holistic view on the association of both is currently missing. In this paper, we present our research results on associating a comprehensive set of organizational and individual culture factors (as described on our developed cyber-security culture framework) with security vulnerabilities mapped to specific adversary behavior and patterns utilizing the MITRE ATT&CK framework. Thus, exploiting MITRE ATT&CK’s possibilities towards a scientific direction that has not yet been explored: security assessment and defensive design, a step prior to its current application domain. The suggested cyber-security culture framework was originally designed to aim at critical infrastructures and, more specifically, the energy sector. Organizations of these domains exhibit a co-existence and strong interaction of the IT (Information Technology) and OT (Operational Technology) networks. As a result, we emphasize our scientific effort on the hybrid MITRE ATT&CK for Enterprise and ICS (Industrial Control Systems) model as a broader and more holistic approach. The results of our research can be utilized in an extensive set of applications, including the efficient organization of security procedures as well as enhancing security readiness evaluation results by providing more insights into imminent threats and security risks.

Sign in / Sign up

Export Citation Format

Share Document