Affiliation:
1. Cybersecurity Policy Fellow, New America Think Tank, Washington, DC, USA; University of Maryland University College, Adelphi, MD, USA
Abstract
Human factors remained unexplored and underappreciated in information security. The mounting cyber-attacks, data breaches, and ransomware attacks are a result of human-enabled errors; in fact, 95% of all cyber incidents are human-enabled. Research indicates that existing information security plans do not account for human factors in risk management or auditing. Corporate executives, managers, and cybersecurity professionals rely extensively on technology to avert cybersecurity incidents. Managers fallaciously believe that technology is the key to improving security defenses even though research indicates that new technologies create unintended consequences; nonetheless, technologically induced errors are human-enabled. Managers’ current perspective on the human factors problem in information security is too narrow in scope, and the problem is more than a training problem. The management of complex cybersecurity operations, accompanied by mounting human factor challenges, exceeds the expertise of most information security professionals; yet managers are reluctant to seek the expertise of human factors specialists, cognitive scientists, and behavioral analysts to implement effective strategies and objectives to reduce human-enabled error in information security.
Cited by
55 articles.