Understanding Human Factors in Cyber Security as a Dynamic System

  • Conference paper
Advances in Human Factors in Cybersecurity (AHFE 2017)

Abstract

The perspective of human factors is largely missing from the wider cyber security dialogue and its scope is often limited. We propose a framework in which we consider cyber security as a state of a system. System change is brought on by an entity’s behavior. Interventions are ways of changing entities’ behavior to inhibit undesirable behavior and increase desirable behavior. Choosing an intervention should take into account the dynamic nature of how humans use cyberspace. People are not likely to change old behavior at the drop of a hat. The key is to invent new ways to maintain old behavior in new circumstances. Our framework differentiates three basic pathways of actor behavior that influence the cyber security of a system. The distinction between reflex, habit and thoughtful paths to action facilitates the development of successful interventions.

Acknowledgements

We would like to thank the following colleagues: Dianne van Hemert, Helma van den Berg, Roy Mente, Allard Kernkamp, and Tjarda Krabbendam-Hersman.

Corresponding author

Correspondence to Heather Young.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Young, H., van Vliet, T., van de Ven, J., Jol, S., Broekman, C. (2018). Understanding Human Factors in Cyber Security as a Dynamic System. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_23

  • DOI: https://doi.org/10.1007/978-3-319-60585-2_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60584-5

  • Online ISBN: 978-3-319-60585-2

  • eBook Packages: Engineering, Engineering (R0)
