Human Capability Evaluation Approach for Cyber Security in Critical Industrial Infrastructure

In the cyber security of Industrial Control Systems (ICS), every organization is only as strong as its weakest human link, irrespective of the technological solutions available for enforcing security. Notably, systems that involve humans are becoming more chaotic and are gravely under attack because of the irregular actions or inactions of the human entities in the constituent chain. Many industrial cyber-attacks have defeated technological security solutions by preying on human weaknesses in knowledge and skills, and by manipulating insiders within organizations into unsuspectingly providing entry and access to sensitive industrial assets. To help enterprises assess the level of employees' cyber security awareness and responsiveness, and to enhance ICS cyber security knowledge and skills for ICS protection, a Workforce Cyber Security Capability evaluation model is presented and theoretically validated. A capability evaluation will give industries a better understanding of their potential state of consciousness, readiness and diagnostic abilities, and thus improve the prevention and detection of, and response to, any cyber-specific incidents.
