Beyond Murphy's Law: Applying Wider Human Factors Behavioural Science Approaches in Cyber-Security Resilience An Applied Practice Case Study Discussing Approaches to Assessing Human Factors Vulnerabilities in Cyber-Security Systems

机译：超越墨菲的法律：应用更广泛的人类因素行为科学方法在网络安全性弹性中，应用实践案例研究讨论如何评估网络安全系统中的人类因素漏洞的方法

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Traditional approaches to cyber-security resilience, assuring the overall socio-technical system is secure from immediate known attacks and routes to potential future attacks, have relied on three pillars of people, process, and technology.In any complex socio-technical system, human behaviour can disrupt the secure and efficient running of the system with risk accumulating through individual and system-wide errors and compromised security behaviours that may be exploited by actors with malicious intent.Practitioners' experience and use of different assessment methods and approaches to establish cyber-security vulnerabilities and risk are evaluated. Qualitative and quantitative methods and data are used for different stages of investigations in order to derive risk assessments and access contextual experience for further analyses. Organisational security culture and development approaches along with safety assessment methods are discussed in this case study to understand how well the people, the system, and the organisation interact.Cyber-security Human Factors practice draws on other application areas such as safety, usability, behaviours and culture to progressively assess security posture; the benefits of each approach are discussed.This study identifies the most effective methods for vulnerability identification and risk assessment, with focus on modelling large, dynamic and complex socio-technical systems, to be those which identify cultural factors with impact on human-system interactions.

机译：传统的网络安全性恢复能力，确保整体社会技术系统是安全的从立即已知的攻击和潜在的未来攻击路线安全，依靠了三大支柱，流程和技术。在任何复杂的社会技术系统，人类行为可能会破坏系统的安全有效运行，风险累积通过个人和系统范围的错误，并且损害了可能被演员利用恶意意图利用的安全行为.PraTitioners的经验和使用不同的评估方法和方法来建立网络 - 评估安全漏洞和风险。定性和定量方法和数据用于不同的调查阶段，以获得风险评估和进入进一步分析的上下文经验。在本案例中讨论了组织安全文化和开发方法以及安全评估方法，以了解人们，系统和组织互动的研究。犬安全人为因素实践在其他应用领域绘制了安全，可用性，行为等其他应用领域和文化逐步评估安全姿势;讨论了每种方法的好处。本研究确定了漏洞识别和风险评估的最有效方法，重点是建模大，动态和复杂的社会技术系统，成为识别对人类交互影响影响的文化因素。

著录项

来源
《International Conference on HCI for Cybersecurity, Privacy and Trust;International Conference on Human-Computer Interaction》|2021年|123-138|共16页
会议地点
作者
Nicola Fairburn; Andrew Shelton; Frances Ackroyd; Rachel Selfe;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Human factors; Cyber-security; Behavioural science; Organisational culture; Security culture; Cyber- resilience; Socio-technical; Safety assessment; Climate; Behavioral; Organizational culture; Socio-behavioural; Sociotechnical;

机译：人为因素;网络安全;行为科学;组织文化;安全文化;网络恢复力;社会技术;安全评估;气候;行为的;组织文化;社会行为;社会科技;
入库时间 2022-08-26 13:58:13

相似文献

外文文献
中文文献
专利

1. Designing medical technology for resilience: integrating health economics and human factors approaches [J] . Simone Borsci, Ijeoma Uchegbu, Peter Buckle, Expert review of medical devices . 2018,第1a6期

机译：设计恢复力的医疗技术：整合卫生经济学和人为因素方法
2. Ecological and hygienic approaches to assessing the risk of nutritional factors to human health [J] . Dotsenko VA, Petukhov AI, Dmitrieva GA, Гигиена и санитария . 2005,第4期

机译：评估营养因素对人体健康的风险的生态和卫生方法
3. Ecological and hygienic approaches to assessing the risk of nutritional factors to human health [J] . Dotsenko VA, Petukhov AI, Dmitrieva GA, Гигиена и санитария . 2005,第4期

机译：评估人类健康营养因素风险的生态和卫生方法
4. What place for Human Reliability Assessment in the Reliability approach and in Human Factors approaches? [C] . Helene PESME, Pierre LE BOT SAM10 . 2012

机译：可靠性方法和人类因素方法中的人类可靠性评估是什么？
5. Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems [D] . Ayereby, Manouan Pierre-Marius. 2018

机译：在最大限度地减少对网络安全生态系统的威胁方面克服数据违规和人为因素
6. Human factors and ergonomics and quality improvement science: integrating approaches for safety in healthcare [O] . Sue Hignett, Emma Leanne Jones, Duncan Miller, -1

机译：人为因素人机工程学和质量改进科学：整合医疗保健安全性方法
7. Decision-making is the process of analyzing information about a problem situation and comparing it to a specific conclusion in order to solve a specific problematic (Yıkılmaz, 2001; Miller and Byrnes, 2001). Decision-making styles are a mechanism that is influenced by the internal and external conditions that determine the direction of the decisions of the individual, the content of the decision-making process, and the outcome of the decision-making process (Payne, Bettman and Johson, 1993; Bavol’ár and Orosová, 2015). ACT is a contemporary member of the Cognitive Behavioral Therapy family. ACT (Acceptance and commitment therapy) has both similar and different directions with Behavioral Therapies and Cognitive Therapies (Herbet and Forman, 2011; Hayes, 2004). KKT responds to classical behavioral treatments using both existential and cognitive approaches in the analysis of behavior. KKT is a science wing that tries to solve human problems with a wider perspective aimed at solving problematic human behaviors (Plumb, Stewart, Dahl and Lundgren, 2009). It is seen that there is very little research about the new approach of ACT approach when the aiming country of our country is screened and it is thought that our country will contribute to the field of psychological counseling with the work done. In the scope of the research, experimental and control groups and preliminary test, post-test and follow-up measurements of 2x3 experimental design were used. The study's study group consists of a total of 24 (12 experimental and 12 control groups) university students studying in different departments and levels, continuing their education in the academic year of 2015-2016 in Ağrı province and İbrahim Chechen University in 2015-2016 academic year. The average age of participants in the experiment and control group is 20. There were 12 participants in the experimental group, 7 female and 5 male, and 12 participants, 7 female and 5 male in the control group. Personal Information Form and Decision Making Style Scale prepared by the researcher were used in the research. In order to decide on the tests to be used in the course of analyzing the data, the scores of the participant's Decision Styles Scale pre-test, which are placed primarily in the experimental and control groups, it was analyzed whether the basic expectations of parametric tests were answered. As a result of the analysis made, the scores, skewness and kurtosis coefficients obtained from the Decision Making Styles Scale were given to the experimental and control groups. It was determined that the distribution was normal in the result of Shapiro-Wilk test, in which the skewness and kurtosis coefficients of each sub-scale were ranked between -1 and +1. Participants in the experimental and control groups; homogeneity test results for decision-style pre-test measurements indicate that the data are homogeneous. According to the results of the Mauchly Globalness Test, it has been determined that working supports the hypothesis. It was determined that there was no significant difference between the pre-test scores obtained from dependent decision-making style of experiment and control groups, but the test group showed lower mean scores at the significant level within the scores of post-test and follow-up tests. Therefore, it can be said that the ACT-oriented psychoeducation program applied to the experimental group reduces the dependent decision-making style scores from the decision style sub-dimensions and the psychoeducation program has a lasting effect. It was determined that there was no significant difference between pre-test, post-test and follow-up scores obtained from the Spontaneous-Instant Decision Style of experiment and control groups. Thus, it can be said that this situation does not cause a significant difference in the Spontaneous-Decision-Making Style scores from the decision style sub-dimensions of the ACT-oriented psychoeducation program applied to the experimental group. The ACT -oriented psychoeducation program had a decline in the intuitive decision-making styles of the individuals, but this decrease did not create significant differences. Thus, it can be said that this situation does not make a meaningful difference in the intuitive decision style scores from the decision style sub-dimensions of the KKT oriented psychoeducation program applied to the experimental group. The pre-test scores obtained from the rational decision-making style of the experimental and control groups showed that there was a difference between the post-test and the follow-up scores, but this difference was not significant. As a result of the analysis, it was determined that the test group had higher levels of rational decision style than the pre - test scores in the post test and follow - up scores, whereas the post test and follow - up test scores in the control group rational decision style showed a decrease compared to the pre - test scores. the pre - test scores. Decision-making Styles Scale Avoidant Decision Making As a result of the analysis of the mean scores of the subscale scores of pre-test, post-test and follow-up measures, the group effect was found to be insignificant. It was determined that the experimental and control groups differed significantly from the pre-test scores obtained from the avoidant decision-making style but did not show any significant change within the scores of the post-test and follow-up tests. [O] . mustafa ercengiz, ali haydar şar 2018

机译：决策是分析有关问题情况的信息并将其与特定结论进行比较的过程，以解决特定的问题（Yıkılmaz，2001; Miller和Byrnes，2001）。决策风格是一种机制，受到内部和外部条件的影响，确定个人决定的方向，决策过程的内容以及决策过程的结果（PAYNE，BETTMAN和BEDNE） Johson，1993;Bavol'ár和奥萨洛瓦，2015）。法案是认知行为治疗家庭的当代成员。行为（验收和承诺治疗）具有与行为疗法和认知疗法的类似和不同方向（Herbet和Forman，2011; Hayes，2004）。 KKT在分析行为中使用存在性和认知方法来响应古典行为治疗方法。 KKT是一个科学翼，试图解决人类问题，旨在解决有问题的人类行为（铅垂，斯图尔特，Dahl和Lundgren，2009）。有人认为，当我们国家的瞄准国家进行筛选时，有关行动方法的新方法几乎没有研究，并且认为我们的国家将为完成工作做出贡献的心理咨询领域。在研究的范围内，使用实验和对照组和初步测试，使用后测试和后续测量的2x3实验设计。该研究的研究小组包括共24名（12个实验和12个对照组）大学学生在不同的部门和水平上学习，在2015-2016学术上继续进行2015-2016的学术年度2015-2016学年年。实验和对照组参与者的平均年龄是20.实验组中有12名参与者，7名女性和5名男性，12名参与者，7名女性和5名男性。研究人员准备的个人信息表格和决策制定风格规模在研究中使用。为了决定在分析数据的过程中使用的测试，参与者的决策风格刻度预测的分数主要在实验和对照组中进行，分析了参数的基本期望吗？测试得到了回答。由于对实验和对照组给出了从决策曲调标度获得的分数，偏移和峰度分子系数。确定该分布是正常的在成熟的-WILK试验结果中，其中每亚级的偏差和刚度系数在-1到+1之间排名。实验和对照组的参与者;决策式预测测量的同质性测试结果表明数据是均匀的。根据毛毛环保试验的结果，已确定工作支持假设。据确定，从依赖决策风格的实验和对照组获得的预测分数之间没有显着差异，但测试组在测试后的分数内显示出较低的平均分数和后续的分数 - 测试。因此，可以说，应用于实验组的面向活动的心理教育程序减少了决策风格子维度的依赖决策风格分数，并且心理教育程序具有持久的效果。据确定，从实验和对照组自发决策风格获得的预测试，测试后和后续评分之间没有显着差异。因此，可以说这种情况不会导致从应用于实验组的活动导向的心理教育程序的决策风格分数的自发决策风格分数显着差异。行为的心理教育计划在个人直观的决策风格下降，但这种减少并没有产生显着的差异。因此，可以说，这种情况不会在从应用于实验组的KKT导向的心理教育程序的决策风格分数中产生有意义的决策风格分数。从实验和对照组的理性决策风格获得的预测分数显示后检验后和随访评分之间存在差异，但这种差异并不重要。由于分析，确定测试组的理性决策风格较高，而不是后测试和后续分数的预测分数，而对照组合理决策风格的后测试和后续测试分数显示出与预测试分数相比的减少。预测分数。决策款式扩展避免决策由于分析了预测试，测试后和后续措施的班次评分的平均分数，发现群体效应是微不足道的。确定实验和对照组从避免决策风格获得的预测评分中显着不同，但在测试后和后续测试的分数内没有显示出任何重大变化。

Beyond Murphy's Law: Applying Wider Human Factors Behavioural Science Approaches in Cyber-Security Resilience An Applied Practice Case Study Discussing Approaches to Assessing Human Factors Vulnerabilities in Cyber-Security Systems

摘要

著录项

相似文献

相关主题

期刊订阅