Human Factors in Cybersecurity: A Scoping Review

The 12th International Conference on Advances in Information Technology Pub Date : 2021-06-29 DOI:10.1145/3468784.3468789

Tashfiq Rahman, Rohani Rohan, Debajyoti Pal, P. Kanthamanon

{"title":"Human Factors in Cybersecurity: A Scoping Review","authors":"Tashfiq Rahman, Rohani Rohan, Debajyoti Pal, P. Kanthamanon","doi":"10.1145/3468784.3468789","DOIUrl":null,"url":null,"abstract":"Humans are often considered to be the weakest link in the cybersecurity chain. However, traditionally the Computer Science (CS) researchers have investigated the technical aspects of cybersecurity, focusing on the encryption and network security mechanisms. The human aspect although very important is often neglected. In this work we carry out a scoping review to investigate the take of the CS community on the human-centric cybersecurity paradigm by considering the top conferences on network and computer security for the past six years. Results show that broadly two types of users are considered: expert and non-expert users. Qualitative techniques dominate the research methodology employed, however, there is a lack of focus on the theoretical aspects. Moreover, the samples have a heavy bias towards the Western community, due to which the results cannot be generalized, and the effect of culture on cybersecurity is a lesser known aspect. Another issue is with respect to the unavailability of standardized security-specific scales that can measure the cybersecurity perception of the users. New insights are obtained and avenues for future research are presented.","PeriodicalId":341589,"journal":{"name":"The 12th International Conference on Advances in Information Technology","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 12th International Conference on Advances in Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3468784.3468789","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

Abstract

Humans are often considered to be the weakest link in the cybersecurity chain. However, traditionally the Computer Science (CS) researchers have investigated the technical aspects of cybersecurity, focusing on the encryption and network security mechanisms. The human aspect although very important is often neglected. In this work we carry out a scoping review to investigate the take of the CS community on the human-centric cybersecurity paradigm by considering the top conferences on network and computer security for the past six years. Results show that broadly two types of users are considered: expert and non-expert users. Qualitative techniques dominate the research methodology employed, however, there is a lack of focus on the theoretical aspects. Moreover, the samples have a heavy bias towards the Western community, due to which the results cannot be generalized, and the effect of culture on cybersecurity is a lesser known aspect. Another issue is with respect to the unavailability of standardized security-specific scales that can measure the cybersecurity perception of the users. New insights are obtained and avenues for future research are presented.

查看原文本刊更多论文

网络安全中的人为因素:范围审查

人类通常被认为是网络安全链中最薄弱的环节。然而，传统的计算机科学(CS)研究人员已经研究了网络安全的技术方面，重点是加密和网络安全机制。人的方面虽然很重要，却常常被忽视。在这项工作中，我们通过考虑过去六年网络和计算机安全的顶级会议，进行了范围审查，以调查CS社区对以人为中心的网络安全范式的看法。结果表明，大致考虑了两种类型的用户:专家和非专家用户。定性技术主导了所采用的研究方法，然而，缺乏对理论方面的关注。此外，样本对西方社区有严重的偏见，因此结果不能一概而论，文化对网络安全的影响是一个鲜为人知的方面。另一个问题是关于标准化的安全特定尺度的不可用性，这种尺度可以衡量用户的网络安全感知。获得了新的见解，并提出了未来研究的途径。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

The 12th International Conference on Advances in Information Technology

自引率

0.00%

发文量