The paper presents an interdisciplinary approach to tackling cybersecurity related human error in organizations. It follows an interdisciplinary human factor-oriented cybersecurity approach and explores the relevant human behaviour to identify three areas of concern for improving cyber resilience: (1.) human error, (2.) malicious insiders and (3.) legal and ethical threats. Strategies for tackling these areas of concern focus on enhancing knowledge, skills and attitudes on the individual level and shaping relevant (management) contexts at the organizational level. The paper concludes with seven recommendations based on a broad literature review of cybersecurity training (problem-oriented solution behaviour, training customization, multi-channel training regime, building up of motivation to learn, performing skills in trainings, evaluation and assessment mechanisms, integration of management). The conclusion emphasises the value of the interdisciplinary approach to implement ethical considerations and to systematically and measurably address relevant individual and organizational attributes for improved cyber resilience.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

An Interdisciplinary Approach to Tackling the Field of Human Factors in the Cybersecurity of Financial Organizations: Concepts, Strategies and Recommendations

  • Eva-Maria Griesbacher,
  • Martin Griesbacher,
  • Paul Rabel,
  • Robin Renwick

摘要

The paper presents an interdisciplinary approach to tackling cybersecurity related human error in organizations. It follows an interdisciplinary human factor-oriented cybersecurity approach and explores the relevant human behaviour to identify three areas of concern for improving cyber resilience: (1.) human error, (2.) malicious insiders and (3.) legal and ethical threats. Strategies for tackling these areas of concern focus on enhancing knowledge, skills and attitudes on the individual level and shaping relevant (management) contexts at the organizational level. The paper concludes with seven recommendations based on a broad literature review of cybersecurity training (problem-oriented solution behaviour, training customization, multi-channel training regime, building up of motivation to learn, performing skills in trainings, evaluation and assessment mechanisms, integration of management). The conclusion emphasises the value of the interdisciplinary approach to implement ethical considerations and to systematically and measurably address relevant individual and organizational attributes for improved cyber resilience.