Leveraging human factors in cybersecurity: an integrated methodological approach

Pollini, Alessandro; Callari, Tiziana C.; Tedeschi, Alessandra; Ruscio, Daniele; Save, Luca; Chiarugi, Franco; Guerri, Davide

doi:10.1007/s10111-021-00683-y

Cited by 76 publications

(70 citation statements)

References 110 publications

(133 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Individual or personal factors investigate the individual reasoning and decision-making behind security behavior [ 95 ]. This study identified 31 distinct individual factors ( Table 8 ) from the selected studies that empirically influence information security behavior.…”

Section: Resultsmentioning

confidence: 99%

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

et al. 2022

View full text Add to dashboard Cite

This study aims to review the literature on antecedent factors of information security related to the protection of health information systems (HISs) in the healthcare organization. We classify those factors into organizational and individual aspects. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Academic articles were sourced from five online databases (Scopus, PubMed, IEEE, ScienceDirect, and SAGE) using keywords related to information security, behavior, and healthcare facilities. The search yielded 35 studies, in which the three most frequent individual factors were self-efficacy, perceived severity, and attitudes, while the three most frequent organizational factors were management support, cues to action, and organizational culture. Individual factors for patients and medical students are still understudied, as are the organizational factors of academic healthcare facilities. More individual factors have been found to significantly influence security behavior. Previous studies have been dominated by the security compliance behavior of clinical and non-clinical hospital staff. These research gaps highlight the theoretical implications of this study. This study provides insight for managers of healthcare facilities and governments to consider individual factors in establishing information security policies and programs for improving security behavior.

show abstract

Section: Resultsmentioning

confidence: 99%

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Protection and defense of analogue and digital electronic devices, their communications channels, their processing and control logic and algorithms stands better to improve in Cameroon when organizations begin to proactively adopt a user-centered perspective. According to Pollini et al (2021), better cyber-security culture does not always correspond with more rule compliant behavior; conflicts among cybersecurity rules and procedures may even trigger human vulnerabilities.…”

Section: Discussionmentioning

confidence: 99%

“…2021). Cybersecurity threat is becoming more frequent and the threat according to Pollini, Callari, and Tedeschi (2021) include: online fraud, distributed denial of service, drive by download, and social engineering attacks. The changing nature of cybersecurity is exploiting instances of human error or negligence along with system vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

An Assessment of Employee Knowledge, Awareness, Attitude towards Organizational Cybersecurity in Cameroon

Nikel¹,

Amaechi²

2022

NCT

View full text Add to dashboard Cite

In our increasingly digitized and interconnected society, people are poorly protected against cyberthreats, with the main reason being user behavior. Human behavior and actions are unpredictable in nature and this make human an important element and enabler of cybersecurity. The objective of the study is promotion of adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organizations in Cameroon. We conducted a subjective study to measure the level of employees’ knowledge and general awareness, risky behavior they engage in, and attitude toward various aspects of cybersecurity and cyberthreats to show the need for user education, training, and awareness. For the study described in this paper, a self-report questionnaire was developed and data were collected from 214 participants. The results of a descriptive statistic percentage indicated that less than 50% of respondents have completed or has regular training program. We find that over 61% of the participants do not have sufficient knowledge of their organization cyber security policies. Among other findings, the over 60% of employees’ mistakes or violations of security policy are not disciplined or penalized is a demonstration of lack of legal status of cyber-attacks. Cyber resilience in any organization is a responsibility shared by both management and employees. Proactive human management element that can actively hunt for malicious activity and indicators of compromise is recommended.

show abstract

“…There is a need of such kind of research so that railway workforce will be aware of cyber hygiene to be followed. This can be done by transferring cybersecurity workforce knowledge to railways from other available literature such as, NIST guide to the National Initiative for Cybersecurity Education (NICE) cybersecurity workforce framework, 140,141 cybersecurity workforce development and training for critical infrastructure and nation, [142][143][144] human-centric cybersecurity research, 145 human factors in cybersecurity [146][147][148] and soon. Some of the researchers have provided a set of recommendations and literature to enhance cybersecurity workforce culture within railway organizations.…”

Section: Not Enough Studies On Human Factormentioning

confidence: 99%

A review on cybersecurity in railways

Kour

Patwardhan

Thaduri

et al. 2022

Proceedings of the Institution of Mechanical Engineers, Part F:

View full text Add to dashboard Cite

Digitalisation is transforming the railway globally. One of the major considerations in digital transformation of any industry including the railway is the increased exposure to cyberattacks. The railway industry is vulnerable to these attacks because since the number of digital items and also number of interfaces between digital and physical components in the railway systems keep increasing. Increased number of items and interfaces require new frameworks, concepts and architectures to ensure the railway system’s resilience with respect to cybersecurity challenges, such as lack of proactiveness, lack of holistic perspective and obsolescence of safety systems exposed to current and future cyber threats landscape. To this date, there are several works carried out in the literature that studied the cybersecurity aspects and its application on railway infrastructure. However, to develop and implement an appropriate roadmap to cybersecurity in railways, there is a need of describing emerging challenges, and approaches to deal with these challenges and the possibilities and benefits of these. Hence, the objective of this paper is to provide a systematic review and outline cybersecurity emerging trends and approaches, and also to identify possible solutions by querying literature, academic and industrial, for future directions. The authors of this paper conducted separate searches through four popular databases, that is, Google Scholar, Scopus, Web of Science and IEEE explore. For the screening process, authors have used keywords with Boolean operators and database filters and identified 90 articles most relevant to the study domain. The analysis of 90 articles shows that majority of the cybersecurity studies lies within the railways are conceptual and lags in application of Artificial Intelligence (AI) based security. Like other industries, it is very important that railways should also follow latest security technologies, trends and train their workforce for cyber hygiene since railways are already in digitalization transition mode.

show abstract

Leveraging human factors in cybersecurity: an integrated methodological approach

Cited by 76 publications

References 110 publications

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

An Assessment of Employee Knowledge, Awareness, Attitude towards Organizational Cybersecurity in Cameroon

A review on cybersecurity in railways

Contact Info

Product

Resources

About