Towards an Improved Understanding of Human Factors in Cybersecurity

Cybersecurity cannot be addressed by technology alone; the most intractable aspects are in fact sociotechnical. As a result, the 'human factor' has been recognised as being the weakest and most obscure link in creating safe and secure digital environments. This study examines the subjective and often complex nature of human factors in the cybersecurity context through a systematic literature review of 27 articles that span technical, behavioural and social sciences perspectives. Results from our study suggest that there is still a predominantly technical focus, which excludes the consideration of human factors in cybersecurity. Our literature review suggests that this is due to a lack of consolidation of the attributes pertaining to human factors; the application of theoretical frameworks; and a lack of in-depth qualitative studies. To ensure that these gaps are addressed, we propose that future studies take into consideration (a) consolidating the human factors; (b) examining cybersecurity from an interdisciplinary approach; (c) conducting additional qualitative research whilst investigating human factors in cybersecurity.
