The security mindset: characteristics, development, and consequences-Reference-Cited by-同舟云学术

The security mindset: characteristics, development, and consequences

Published:2023-01-01 Issue:1 Volume:9 Page:
ISSN:2057-2085
Container-title:Journal of Cybersecurity
language:en
Short-container-title:

Author:

Schoenmakers Koen¹,Greene Daniel²^ORCID,Stutterheim Sarah³,Lin Herbert⁴,Palmer Megan J⁵

Affiliation:

1. Department of Psychology, Harvard University , Cambridge, MA 02138 , USA

2. Gryphon Scientific LLC, 6930 Carroll Ave., Takoma Park MD 20912, and Center for International Security and Cooperation, Stanford University , Stanford, CA 94305 , USA

3. Care and Public Health Research Institute & Department of Health Promotion, Faculty of Health, Medicine, and Life Sciences, Maastricht University , 6200 MD, Maastricht , the Netherlands

4. Center for International Security and Cooperation, Stanford University , Stanford, CA 94305 , USA

5. Department of Bioengineering and Center for International Security and Cooperation, Stanford University , Stanford, CA 94305 , USA

Abstract

Abstract The world is facing a cybersecurity skills gap as cybercrime and cyberwarfare grow in importance. One often-discussed quality that is potentially relevant to cybersecurity recruitment and education is the so-called “security mindset”: a way of thinking characteristic of some security professionals that they believe to be especially advantageous in their work. Although some employers express a desire to hire people with a security mindset, and initiatives to cultivate the security mindset are being implemented, it has no common definition and little is known about its characteristics, its development, and its consequences. We interviewed 21 cybersecurity professionals who strongly identified as having a security mindset based on a minimal description drawn from existing literature. Thematic analysis of the interview data suggests that the security mindset can be conceptualized as consisting of three interconnected aspects—“monitoring” for potential security anomalies, “investigating” anomalies more deeply to identify security flaws, and “evaluating” the relevance of those flaws in a larger context. These three aspects develop in different ways and have different personal and professional consequences. Participants mostly spoke positively of the security mindset, but they also mentioned several disadvantages not mentioned by existing security-mindset literature, such as mental health pressures, workplace tensions, and negative effects on personal relationships. We discuss the implications of these findings for future study of the security mindset and suggest practical implications for cybersecurity management, education, and recruitment.

Funder

Open Philanthropy

Publisher

Oxford University Press (OUP)

Subject

Law,Computer Networks and Communications,Political Science and International Relations,Safety, Risk, Reliability and Quality,Social Psychology,Computer Science (miscellaneous)

Link

https://academic.oup.com/cybersecurity/article-pdf/9/1/tyad010/50476410/tyad010.pdf

Reference90 articles.

1. The security mindset – Schneier on security;Schneier,2008

2. The cybersecurity skills gap;Naden,2021

3. Closing the cybersecurity skills gap;Vogel;Salus Journal,2016

4. The real-world impact of the global cybersecurity workforce gap on cyber defenders;Rosso,2021

5. Cybersecurity Jobs Report 2018–2021;Morgan,2021

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Cybercrime Risk Found in Employee Behavior Big Data Using Semi-Supervised Machine Learning with Personality Theories;Big Data and Cognitive Computing;2024-03-29

2. Behavior Types from Cybersecurity Perspective: An Overview;Studies in Computational Intelligence;2024

3. Self-paced cybersecurity awareness training educating retail employees to identify phishing attacks;Journal of Cyber Security Technology;2023-08-23

4. The Role of Organizational Culture in Cybersecurity: Building a Security-First Culture;SSRN Electronic Journal;2023