Human Factors in Cyber Security: A Review for Research & Education
P. Vigneswara Ilavarasan, PhD

Agenda
• The context
• Causes
• Basis
• Review of field
  – Selection
  – Analysis
  – Future directions

App & Airlines

Causes
• Accidental or non-deliberate causes
• Deliberate causes

Risk Perception
• Perception of risk ---> behavioural decisions. Influenced by
  – Availability Heuristic, Optimism Bias, Level of control, level of knowledge, Risk Compensation, Cumulative Risks, Influence of familiarity, Influence of framing, Personality & Cognitive style, Influence of social factors
• Insiders’ threat
  – Extension of OB studies

Mitigation
  – Inputs for training?
  – Enforce baseline security policies and procedures
  – Extend traditional policy and guidance
  – Conduct ongoing personnel checks
  – Implement focused risk assessments
  – Training for awareness & behavioural change

Basis?
• Evidence-based approach?
  – School of medicine
  – Public policy
  – Can be extended for curriculum design

Source of Attack
EY (2015). 1800 Respondents, 60 countries, 25 sectors, June 2014.

Changing Behaviour
Symantec (2015). Internet Security Threat Report

The Need
• “more robust evidence-based cyber security policy making is needed, an area which is generally not covered by cyber security strategies” (OECD, 2012)

Looking for evidence
• Search
  – keywords
  – Academic databases
• From 2010
• Non-technical content
• Empirical papers
• 42 papers
• Inputs for training / Education?

The field
• Perceptual data studies
  – Mix of Quanti. & Quali. studies
  – Experts as respondents
  – Self reporting data / Survey
• Security Perception & behavior studies
  – Awareness – knowledge & consequences
  – Intention
  – Password – Creation & sharing behavior
  – Low – Cyber crime experiences (Mostly phishing emails!)
• Adequate insights for employees’ & users’ training
  – Taxonomy

Gaps
• Need for causal studies of users / victims
  – Not causally linked to loss
• Social factors as differentiators
  – Missing – Gender, Age, Education, Class
• Device Contexts
  – Mobile devices
• Differing information eco system
  – Impact of network externalities

Future directions
• Human factors in Cyber Security
  – Inputs for policy making
• Scope for filling the gaps
• Compete with technologists
• Computer scientists as advisors
• Challenging methodologies
  – Beyond survey

Q & A?

Thank you!

Taxonomy…
Stanton et al. (2005)