Finding the Weakest Link in the Interdependent Security Chain Using the Analytic Hierarchy Process

Pan, Chongxia; Wang, Zhong; Mei, Shue

doi:10.18178/jacn.2015.3.4.190

Cited by 3 publications

(4 citation statements)

References 15 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The statistics enumerating the successes of cyber incidents influenced by the ability of attackers to easily con human actors to behave or respond inappropriate to attack and compromise scenarios within their work domains add to the evidence that suggests that human actors are potentially the weakest links (Ashford, 2016). Clearly, all other things being equal including well instituted technical security measures, the record of cyber incidents described in Section 2 also demonstrate facts that intelligent attackers motivated by potential financial gains tend to direct their malicious effort toward less-protected targets (Pan et al, 2015). The attackers aim to compromise potential targets (human actors) with poor or weak abilities to defend infrastructure and information systems from attacks.…”

Section: The Weakest Linkmentioning

confidence: 99%

“…"The weakest link" asset has become a key factor to determine the security level of the chain. If these corporations want to improve the security level of the whole information systems and optimise security chain integration, then they must improve the security level of "the weakest link" (Pan et al, 2015). The question left to be answered remains; how to find the weakest link?…”

Section: The Weakest Linkmentioning

confidence: 99%

“…"Humans", also referred to as "workforce", often present the weakest link in an operational security chain (Mitnick and Simon, 2003), and an organisation security capacity is as weak as its weakest link. Understanding workforces' security capabilities inferred from knowledge and skill measures, deriving a workforce-focused organisational security posture and the Human factor security identification of specific most vulnerable workforce constituents (weakest link) in the system are important for evaluating an overall ICS security posture (Bulgurcu et al, 2010;Aloul, 2012;Pan et al, 2015). A weakest link refers to the personnel with least knowledge and practical proficiency in security for the implementation of ICS security objectives.…”

Section: The Weakest Linkmentioning

confidence: 99%

See 2 more Smart Citations

Human factor security: evaluating the cybersecurity capacity of the industrial workforce

Ani

Tiwari

2019

J of Systems and Info Tech

View full text Add to dashboard Cite

Purpose -As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting humanfactor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.Design/methodology/approach -A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.Findings -Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.Practical implications -The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.Originality/value -This paper demonstrates originality by providing a framework and computational approach for characterising and quantify human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.

show abstract

Section: The Weakest Linkmentioning

confidence: 99%

Section: The Weakest Linkmentioning

confidence: 99%

Section: The Weakest Linkmentioning

confidence: 99%

See 1 more Smart Citation

Human factor security: evaluating the cybersecurity capacity of the industrial workforce

Ani

Tiwari

2019

J of Systems and Info Tech

View full text Add to dashboard Cite

show abstract

“…However, contrary to popular belief that hackers target only big companies, attacks have been increasingly common to home and small office (HOSO) routers as well. This is because hackers hunt poorly managed computer systems (Pan, Zhong, & Mei, 2015) with varied intentions frequently for monetary gain (Australian Institute of Criminology, 2005). So end-users, with the least effort and awareness on cybersecurity landscape, are considered the "weakest link" and the frequent target of cyber attacks (Aloul, 2012).…”

Section: Introductionmentioning

confidence: 99%

Internet Security Awareness of Filipinos: A Survey Paper

Omorog¹,

Medina

2018

IJCSR

View full text Add to dashboard Cite

Purpose-This paper examines the Internet security perception of Filipinos to establish a need and sense of urgency on the part of the government to create a culture of cybersecurity for every Filipino. Method-A quantitative survey was conducted through traditional, online and phone interviews among 252 respondents using a two-page questionnaire that covers basic demographic information and two key elements  (1) Internet usage and (2) security practices. Results-Based on findings, there is a sharp increase of Internet users for the last three years (50%) and most access the Internet through mobile (94.4%). Although at home is the most frequent location for Internet access (94.4%), a good percentage still use free WiFi access points available in malls (22.2%), restaurants (11.1%), and other public areas (38.9%) doing Internet services (email and downloading) that are vulnerable to cyber attacks. The study 15 also revealed that although respondents may have good knowledge of Internet security software, proper implementation is very limited. Conclusion-Filipinos are susceptible to cyber attacks, particularly to phishing and malware attacks. Also, majority of the respondents' Internet security perception is derivative-they practice online measure but with limited understanding of the purpose. Therefore proper education, through training and awareness, is an effective approach to remedy the situation. Recommendations-The Philippine government must now take actions and tap industries to educate Filipinos about Internet security before any negative consequences happen in the future. Research Implications-The information collected sets a clear picture on the importance of cybersecurity awareness from a regional to a global perspective.

show abstract

As strong as the weakest link. Transport and supply chain security

Jażdżewska-Gutta

Borkowski

2022

Transport Reviews

View full text Add to dashboard Cite

Finding the Weakest Link in the Interdependent Security Chain Using the Analytic Hierarchy Process

Cited by 3 publications

References 15 publications

Human factor security: evaluating the cybersecurity capacity of the industrial workforce

Human factor security: evaluating the cybersecurity capacity of the industrial workforce

Internet Security Awareness of Filipinos: A Survey Paper

As strong as the weakest link. Transport and supply chain security

Contact Info

Product

Resources

About