Leveraging human factors in cybersecurity: an integrated methodological approach

Daniele Ruscio, Alessandro Pollini, Tiziana C. Callari, Alessandra Tedeschi, Luca Save, Franco Chiarugi, Davide Guerri

Risultato della ricerca: Contributo in rivistaArticolo in rivista

Abstract

Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.
Lingua originaleEnglish
pagine (da-a)N/A-N/A
RivistaCOGNITION TECHNOLOGY AND WORK
DOI
Stato di pubblicazionePubblicato - 2021

Keywords

  • Cyber-security
  • Cognition
  • Working Environment
  • Human Factors

Fingerprint

Entra nei temi di ricerca di 'Leveraging human factors in cybersecurity: an integrated methodological approach'. Insieme formano una fingerprint unica.

Cita questo