Abstract
The perspective of human factors is largely missing from the wider cyber security dialogue and its scope is often limited. We propose a framework in which we consider cyber security as a state of a system. System change is brought on by an entity’s behavior. Interventions are ways of changing entities’ behavior to inhibit undesirable behavior and increase desirable behavior. Choosing an intervention should take into account the dynamic nature of how humans use cyberspace. People are not likely to change old behavior at the drop of a hat. The key is to invent new ways to maintain old behavior in new circumstances. Our framework differentiates three basic pathways of actor behavior that influence the cyber security of a system. The distinction between reflex, habit and thoughtful paths to action facilitates the development of successful interventions.
Acknowledgements
We would like to thank the following colleagues: Dianne van Hemert, Helma van den Berg, Roy Mente, Allard Kernkamp, and Tjarda Krabbendam-Hersman.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Young, H., van Vliet, T., van de Ven, J., Jol, S., Broekman, C. (2018). Understanding Human Factors in Cyber Security as a Dynamic System. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_23
DOI: https://doi.org/10.1007/978-3-319-60585-2_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60584-5
Online ISBN: 978-3-319-60585-2
eBook Packages: Engineering, Engineering (R0)