Human factors in cybersecurity: an in depth analysis of user centric studies
DOI:
https://doi.org/10.58471/esaprom.v3i01.3832Keywords:
Cybersecurity, Human Factors, User-Centric Studies, Operational Efficiency, Strategic Decision-MakingAbstract
This study delves into the intricate intersection of human behavior, cognition, and technology within the cybersecurity domain, aiming to enhance our understanding of the human-centric challenges influencing the effectiveness of cybersecurity measures. The primary objective is to unravel the nuanced landscape where human errors persist as a significant contributing factor to security breaches, emphasizing the need for a holistic comprehension of human factors. The study recognizes the evolving nature of work, with an increasing number of individuals operating from home, and the consequential challenges in managing human factors in the digital era. The blurring lines between private and public lives, coupled with the rise of social credit systems, necessitate a thorough examination of key elements intersecting with cybersecurity Employing a systematic literature review, this research methodically identifies, filters, and analyzes pertinent literature concerning human-centric factors in cybersecurity. The systematic approach involves the formulation of specific research questions guiding the study, strategic search plans targeting reputable databases, and meticulous study selection processes based on predefined criteria The study unfolds through a series of interconnected research questions, addressing the impact of human factors on operational efficiency, challenges in the adoption of human-centric approaches, and the ways in which human factors influence strategic decision-making in cybersecurity. The results shed light on the substantial contribution of understanding user behavior and cognitive processes to the development of tailored cybersecurity strategies. Challenges, such as security fatigue and the scarcity of psychology-based professionals, are addressed, advocating for human factors engineering and strategic initiatives to enhance education and training programs. In conclusion, embracing a human-centric paradigm emerges as imperative for organizations striving to fortify their defenses against dynamic and sophisticated cyber threats. Integrating technology with a profound understanding of human factors becomes the cornerstone for shaping a resilient and adaptive cybersecurity future.
References
Bureau, S. (2018). Human-centered cybersecurity: A new approach to securing networks. Research at RIT. Rochester Institute of Technology Research Report, Fall/Winter 2017-2018. [DOI: Not available]
Carter, W.A. (2017). Forces shaping the cyber threat landscape for financial institutions. SWIFT Institute Working Paper No. 2016-004, October 2, 2017. Retrieved from https://csis-prod.s3.amazonaws.com/s3fspublic/171006_Cyber_Threat_Landscape%20_Carter.pdf
Clark, A. (2013). Whatever next? Predictive brains, situated agents, and the future of cognitive science. Behavioral and brain sciences, 36(3), 181-204. [DOI: 10.1017/S0140525X12000477]
Coffey, J. W. (2017). Ameliorating sources of human error in cybersecurity: technological and human-centered approaches. In The 8th International Multi-Conference on Complexity, Informatics, and Cybernetics, Pensacola (pp. 85-88). [DOI: Not available]
Gyunka, B. A., & Christiana, A. O. (2017). Analysis of human factors in cyber security: A case study of anonymous attack on Hbgary. Computing & Information Systems, 21(2), 10-18. Retrieved from http://cis.uws.ac.uk/ [DOI: 10.1080/20464177.2016.1237033]
Hakimi, M., Ahmady, E., Shahidzay, A. K., Fazil, A. W., Quchi, M. M., & Akbari, R. (2023). Securing Cyberspace: Exploring the Efficacy of SVM (Poly, Sigmoid) and ANN in Malware Analysis. Cognizance Journal of Multidisciplinary Studies, 3(12), 199-208.
Hadlington, L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), e00346. [DOI: 10.1016/j.heliyon. 2017.e00346]
Holstein, W.K. & Chapanis, A. (2018, May 11). Human factors engineering. Encyclopedia Britannica. Encyclopedia Britannica, Inc. Retrieved from
https://www.britannica.com/topic/human-factors-engineering [DOI: Not available]
Lee, Y. H., Park, J., & Jang, T. I. (2011). The human factors approaches to reduce human errors in nuclear power plants. In Nuclear Power-Control, Reliability and Human Factors. InTech. [DOI: 10.5772/20564]
Mancuso, V. F., Strang, A. J., Funke, G. J., & Finomore, V. S. (2014, September). Human factors of cyber-attacks: a framework for human-centered research. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting (Vol. 58, No. 1, pp. 437-441). Sage CA: Los Angeles, CA: SAGE Publications. [DOI:
1177/1541931214581242]
Hasas, A., Zarinkhail, M. S., Hakimi, M., & Quchi, M. M. (2024). Strengthening Digital Security: Dynamic Attack Detection with LSTM, KNN, and Random Forest. Journal of Computer Science and Technology Studies, 6(1), 49–57.
https://doi.org/10.32996/jcsts.2024.6.1.6
Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., & Giannakopoulos, G. (2014). The human factor of information security: Unintentional damage perspective. Procedia-Social and Behavioral Sciences, 147, 424-428. [DOI:
1016/j.sbspro.2014.07.110]
National Science and Technology Council. (2016 February). Networking and Information Technology Research and Development Program. Ensuring Prosperity and National Security. Retrieved on March 3, 2018,
https://www.nitrd.gov/cybersecurity/publications/2016_Federal_Cybersecurity_Research_and_Development_Strategic_Plan.pdf [DOI: 10.1007/s00779-018-01271-2]
Nobles, C. (2018). Botching human factors in cybersecurity in business organizations. HOLISTICA–Journal of Business and Public Administration, 9(3), 71-88. doi: 10.2478/hjbpa-2018-0024 [DOI: Not available]
Paustenbach, D. J. (Ed.). (2015). Human and Ecological Risk Assessment: Theory and Practice (Wiley Classics Library). John Wiley & Sons. [DOI: 10.1201/b19026-15]
Abdul Wajid Fazil, Musawer Hakimi, & Amir Kror Shahidzay. (2024). A COMPREHENSIVE REVIEW OF BIAS IN AI ALGORITHMS. Nusantara Hasana Journal, 3(8), 1–11. https://doi.org/10.59003/nhj.v3i8.1052
Pfleeger, S. L., & Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers & Security, 31(4), 597-611. [DOI:
1016/j.cose.2011.08.010]
Stanton, B., Theofanos, M. F., Prettyman, S. S., & Furman, S. (2016). Security Fatigue. IT Professional, 18(5), 26-32. [DOI: 10.1109/MITP.2016.112]
Fazil, A. W., Hakimi, M., Sajid, S., Quchi, M. M., & Khaliqyar, K. Q. (2023). Enhancing Internet Safety and Cybersecurity Awareness among Secondary and High School Students in Afghanistan: A Case Study of Badakhshan Province. American Journal of Education and Technology, 2(4), 50–61. https://doi.org/10.54536/ajet.v2i4.2248
Taylor, J., McAlaney, J., Hodge, S., Thackray, H., Richardson, C., James, S., & Dale, J. (2017, April). Teaching psychological principles to cybersecurity students. In 2017 IEEE Global Engineering Education Conference (EDUCON) (pp. 1782-1789). IEEE. [DOI: 10.1109/EDUCON.2017.7942998]
Georgalis, J., Karapistoli, E., & Mouratidis, H. (2015). A systematic mapping study on security and privacy in the Internet of Things. Journal of Information Security and Applications, 41, 99-115. [DOI: 10.1016/j.jisa.2018.03.004]
Metalidou, E., Goumopoulos, C., Papadopoulos, G. A., & Karatza, H. D. (2019). Cognitive workload and individual differences: predicting operator performance in a discrete-event simulation environment. Journal of Ambient Intelligence and Humanized Computing, 10(8), 3141-3155. [DOI: 10.1007/s12652-018-0948-2]
Hasib, M. (2015). Cybersecurity Leadership: Powering the Modern Organization. CRC Press. [DOI: 10.1201/b19026-6]
Atlam, H. F., Azad, M. A., Alassafi, M. O., Alshdadi, A. A., & Alenezi, A. (2020). Risk-Based Access Control Model: A Systematic Literature Review. MDPI Journal. https://www.researchgate.net/publication/342106113_Risk-Based_Access_Control_Model_A_Systematic_Literature_Review (Accessed on Jan 15, 2024).
ForcePoint. (2018). "The Human Point – The Intersection of People and Cybersecurity." Retrieved from [https://www.forcepoint.com/cyber-edu/human-point].
Cuffe, J., & Phelan, E. (2020, June 17). Key Factors in Human Behaviour for Cyber-Security. Cyber Ireland. https://cyberireland.ie/key-factors-in-human-behaviour-for-cyber-security/
