An exploratory study on the human component using a cultural model to define open research topics for secure socio-technical systems

IF 12.5; Zone 1, Sociology; Q1 SOCIAL ISSUES
Amanda Brockinton, Mattia Salnitri, Francesca Kooner-Evans, John McAlaney, Shelley Thompson
Journal: Technology in Society, volume 83, Article 103000
Publication type: Journal Article
Publication date: 2025-06-19
DOI: 10.1016/j.techsoc.2025.103000
URL: https://www.sciencedirect.com/science/article/pii/S0160791X25001903
Citation count: 0

Abstract

Social engineering attacks like phishing emails target the human component of the whole socio-technical system (STS) of an organisation. These human components are exploited by actors to gain access and breach the whole system with examples like ransomware, pretexting, and even physical presences such as tailgating. Exploratory interviews investigate human components in organisations from six professionals with cybersecurity, psychology, and/or cyberpsychology backgrounds. Each interview lasted 30–45 min and was conducted remotely. Due to the sensitive nature of the cybersecurity field, participants were given full anonymity, meaning that interviews are not quoted directly. Results of the thematic analysis (TA) created six themes from the dataset: the weakest link narrative; influences (external and internal); the knowing-doing gap (a disconnect between knowledge and action); technology is always changing/security is always changing (security can always be better); the professional-client relationship in security; and the integration of technology and human behaviour in security. Additionally, results suggested that a thematic analysis is a useful multidisciplinary approach to help understand directions of future research. This is because of its explanatory power in describing how human components can be better integrated into systems to create more robust security cultures in organisations.
Source journal
CiteScore: 17.90
Self-citation rate: 14.10%
Articles published: 316
Review time: 60 days
About the journal: Technology in Society is a global journal dedicated to fostering discourse at the crossroads of technological change and the social, economic, business, and philosophical transformation of our world. The journal aims to provide scholarly contributions that empower decision-makers to thoughtfully and intentionally navigate the decisions shaping this dynamic landscape. A common thread across these fields is the role of technology in society, influencing economic, political, and cultural dynamics. Scholarly work in Technology in Society delves into the social forces shaping technological decisions and the societal choices regarding technology use. This encompasses scholarly and theoretical approaches (history and philosophy of science and technology, technology forecasting, economic growth, and policy, ethics), applied approaches (business innovation, technology management, legal and engineering), and developmental perspectives (technology transfer, technology assessment, and economic development). Detailed information about the journal's aims and scope on specific topics can be found in Technology in Society Briefings, accessible via our Special Issues and Article Collections.