
Deriving Cyber Security Risks from Human and Organizational Factors – A Socio-technical Approach

Thomas Richard McEvoy, Stewart James Kowalski
2019 Complex Systems Informatics and Modeling Quarterly  
Cyber security risks are socio-technical in nature.  ...  We present an approach, devised in the field, to deriving these risks using a qualitative research methodology, akin to grounded theory, but based on preset coding descriptors.  ...  To address this gap, we present a practical approach, derived in the field, which incorporates qualitative research techniques with socio-technical and human factor analysis to derive cyber security risks  ... 
doi:10.7250/csimq.2019-18.03 fatcat:p4ymkoi735civdnw54j4wvb36a

Designing Serious Games for Cyber Ranges: A Socio-technical Approach

Mazaher Kianpour, Stewart Kowalski, Erjon Zoto, Christopher Frantz, Harald Overby
2019 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)  
Appropriate training is an effective solution to tackle the evolving threat landscape and conflicts in the cyber domain and to fulfill security requirements.  ...  To this end, in this paper, we propose a framework for designing serious games that raise security awareness.  ...  Basel Katt and Ms. Grethe Østby for their constructive comments on this paper.  ... 
doi:10.1109/eurospw.2019.00016 dblp:conf/eurosp/KianpourKZFO19 fatcat:gdxtmcrexramtjskyoljh7vw5m

A Socio-Technical Approach to Cyber Risk Management and Impact Assessment

Konstantinia Charitoudi, Andrew Blyth
2013 Journal of Information Security  
Thus in performing risk management in a cyber security and safety context, a detailed picture of the impact that a security/safety incident can have on an organisation is developed.  ...  While traditional models of impact assessment have focused on the loss of confidentiality, integrity and availability, we propose a new model based upon socio-technical systems thinking that places the  ...  From a risk assessment perspective the challenge is to understand that impact that a potential loss of cyber safety and security can have on the organisation.  ... 
doi:10.4236/jis.2013.41005 fatcat:5omvapiqlng7lnyezhpghkvc5u

Contextualizing Secure Information System Design: A Socio-Technical Approach (NSUWorks)

Abdul Charif
The introduced artifact CSIS provided design comprehensiveness to emergent and changing requirements to IS from a socio-technical perspective.  ...  They lack a comprehensive modeling support and ignore the socio-technical organizational role of IS security. This research introduced the use of action research in design science research.  ...  The importance of the research problem stemmed from the need to have an applicable socio-technical approach for secure IS design that includes security requirements from both aspects (social and technical  ... 

Consulting the Oracle at Delphi - Combining Risk I and Risk in cyber security

Richard McEvoy, Stewart Kowalski
2021 International Workshop on Socio-Technical Perspective in IS Development  
From industrial experience, the former is less commonly used than the latter on a day-to-day basis, even though the former makes up the primary content of most commercially available risk analysis and  ...  We propose an approach for resolving these issues, based on experience "in the wild", and creating a Delphic convergence between the results of both approaches.  ...  result in a more flexible and more rounded approach to cyber security risk.  ... 
dblp:conf/stpis/McEvoyK21 fatcat:gdp27p3wvzb2dh33nz22gq25de

From information security to cyber security cultures

Rayne Reid, Johan Van Niekerk
2014 2014 Information Security for South Africa  
In an organizational context this need is met through the fostering of an information security culture (ISC). Similarly, in a societal context a cyber security culture (CSC) ought to be fostered.  ...  This raises the question of what precisely would constitute a CSC and how it differs from an ISC.  ...  Van Niekerk and Von Solms's definition of ISC derives from and expands Schein's organizational culture model.  ... 
doi:10.1109/issa.2014.6950492 dblp:conf/issa/ReidN14 fatcat:bxm2h3rx3zgutnmpx2vaoaktpe

Organizational Impacts of Cyber Security Provisions: A Sociotechnical Framework

Anthony Cresswell, Shahidul Hassan
2007 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07)  
We argue that such an analysis should be based on a sociotechnical approach to understanding information security in the organizational context.  ...  In this paper, we outline a conceptual framework for linking cyber security provisions to business processes.  ...  We will briefly explore three of them here to demonstrate how a socio-technical approach can yield valuable insights and impact information in relation to cyber security systems.  ... 
doi:10.1109/hicss.2007.418 dblp:conf/hicss/CresswellH07 fatcat:elg5x2h3qvg6rpstmtij76g5lq

Description of Safety Management Systems in Transportation

Tomáš Kertis, Dana Procházková
2018 Journal of Environmental Protection Safety Education and Management  
systems, technical and physical security, surveillance, occupational safety, safe place, human safety etc.  ...  It loans to concept of integral safety, i.e. a tool for ensuring the human security; it covers next engineering areas, for instance dependability management, functional safety, security of cyber-physical  ...  Acknowledgement Authors thanks to Czech Technical University in Prague for support (grant SGS2015-17).  ... 
doi:10.1515/jepsem-2017-0003 fatcat:47bibftzazerfcnjqst3wo2qf4

Organizational aspects of cybersecurity in German family firms – Do opportunities or risks predominate?

Patrick Sven Ulrich, Alice Timmermann, Vanessa Frank
2021 Organizational Cybersecurity Journal: Practice, Process and People  
An interesting tension emerges: family businesses see their employees more as a security risk, but do less than nonfamily businesses in terms of both training and organizational establishment.  ...  It shows tension between awareness, especially of risks emanating from employees, and organizational routines that have not been implemented or established.  ...  However, an approach that attempts to prevent risks arising from such attacks based solely on technological factors does not necessarily create a secure and comprehensive information security environment  ... 
doi:10.1108/ocj-03-2021-0010 fatcat:ulbc2oxyenczfivuqexdweemmy

Moving from a "Human-as-Problem" to a "Human-as-Solution" Cybersecurity Mindset

Verena Zimmermann, Karen Renaud
2019 International Journal of Human-Computer Studies  
Treating everyone as a problem does not seem to work, given the current cyber security landscape. Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently".  ...  This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems.  ...  Acknowledgement This research work has been funded by the German Federal Ministry of Education and Research and the Hessen State Ministry for Higher Education, Research and the Arts within their joint  ... 
doi:10.1016/j.ijhcs.2019.05.005 fatcat:dtqedztcmngyrdwcba55yuxhj4

Exploring Incentives and Challenges for Cybersecurity Intelligence Sharing (CIS) across Organizations: A Systematic Review

Farzan Kolini, The University of Auckland, Lech J. Janczewski, The University of Auckland
2022 Communications of the Association for Information Systems  
Cybersecurity intelligence sharing (CIS) has gained significance as an organizational function to protect critical information assets, manage cybersecurity risks, and improve cybersecurity operations.  ...  We used the overarching TOE framework to categorize these factors and propose a theoretical framework to establish common ground for future studies.  ...  (2013) applied a socio-technical approach to categorize information security risks in the healthcare industry.  ... 
doi:10.17705/1cais.05004 fatcat:l563ynjenfdt3ibxbay2rcbuku

Building resilient cyber-physical power systems

Mariella Tapia, Pablo Thier, Stefan Gößling-Reisemann
2020 TATuP - Journal for Technology Assessment in Theory and Practice  
To identify the critical points, a vulnerability assessment was conducted, involving experts from the power as well as the information and communication technologies (ICT) sectors.  ...  Power systems are undergoing a profound transformation towards cyber-physical systems.  ...  Arnim von Gleich for fruitful discussions and review of this manuscript, to Max Spengler for his support on the interview analysis, to Katja Hessenkämper, Katrina Stollmann and Cécile Pot d'or for proofreading  ... 
doi:10.14512/tatup.29.1.23 fatcat:otm55ifqcjb3pctzio3gjyqnoi

Insiders and Insider Threats - An Overview of Definitions and Mitigation Techniques

Jeffrey Hunker, Christian W. Probst
2011 Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications  
problem in cyber and organizational security in general.  ...  After presenting definitions of these terms, we go on to discuss a number of approaches from the technological, the sociological, and the socio-technical domain. We draw two main conclusions.  ...  We then proceed to outline the solution space (Section 2), considering in turn technical approaches (Section 3), the fused socio-technical approaches (Section 4), and finally the sociological/organizational  ... 
doi:10.22667/jowua.2011.03.31.004 dblp:journals/jowua/HunkerP11 fatcat:5iwopvcufndzrltdbub5a32lye

User, Usage and Usability: Redefining Human Centric Cyber Security

Marthie Grobler, Raj Gaire, Surya Nepal
2021 Frontiers in Big Data  
Particularly, the focus is on studies that specifically illustrate the shift in paradigm from functional and usage centred cyber security, to user centred cyber security by considering the human aspects  ...  We explore the increasing complexity of cyber security with a wider perspective, defining user, usage and usability (3U's) as three essential components for cyber security consideration, and classify developmental  ...  The domain shows promise as a socio-cognitive-technical approach to cyber security, focusing not purely on the role that humans play in cyber security, but developing a varied approaches that could ultimately  ... 
doi:10.3389/fdata.2021.583723 pmid:33748750 pmcid:PMC7968726 fatcat:y4aztmzsfjbzpfpiroomhmuhjm

Securing the Operation of Socially Critical Systems from an Engineering Perspective: New Challenges, Enhanced Tools and Novel Concepts

Wolfgang Kröger
2017 European Journal for Security Research  
Furthermore, humans are an essential part of these systems interacting with them and developing them into a "system of socio-technical systems".  ...  scenarios, and non-technical factors and to capture a widened spectrum of threats.  ...  Substantial deficits do exist in the area of human performance assessment which must be integrated into analyses and attempts to secure the operation of socio-technical critical systems like the power  ... 
doi:10.1007/s41125-017-0013-9 fatcat:fylzu3wwcfeifmafptz42bj4gq