制定行为网络安全战略:组织的五步方法

IF 4.1 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Tommy van Steen
{"title":"制定行为网络安全战略:组织的五步方法","authors":"Tommy van Steen","doi":"10.1016/j.csi.2024.103939","DOIUrl":null,"url":null,"abstract":"<div><div>With cybercriminals’ increased attention for human error as attack vector, organisations need to develop strategies to address behavioural risks if they want to keep their organisation secure. The traditional focus on awareness campaigns does not seem suitable for this goal and other avenues of applying the behavioural sciences to this field need to be explored. This paper outlines a five-step approach to developing a behavioural cybersecurity strategy to address this issue. The five steps consist of first deciding whether a solely technical solution is feasible before turning to nudging and affordances, cybersecurity training, and behavioural change campaigns for specific behaviours. The final step is to develop and implement a feedback loop that is used to assess the effectiveness of the strategy and inform organisations about next steps that can be taken. Beyond outlining the five-step approach, a research agenda is discussed aimed at strengthening each of the five steps and helping organisations in becoming more cybersecure by implementing a behavioural cybersecurity strategy.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103939"},"PeriodicalIF":4.1000,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Developing a behavioural cybersecurity strategy: A five-step approach for organisations\",\"authors\":\"Tommy van Steen\",\"doi\":\"10.1016/j.csi.2024.103939\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>With cybercriminals’ increased attention for human error as attack vector, organisations need to develop strategies to address behavioural risks if they want to keep their organisation secure. The traditional focus on awareness campaigns does not seem suitable for this goal and other avenues of applying the behavioural sciences to this field need to be explored. This paper outlines a five-step approach to developing a behavioural cybersecurity strategy to address this issue. The five steps consist of first deciding whether a solely technical solution is feasible before turning to nudging and affordances, cybersecurity training, and behavioural change campaigns for specific behaviours. The final step is to develop and implement a feedback loop that is used to assess the effectiveness of the strategy and inform organisations about next steps that can be taken. Beyond outlining the five-step approach, a research agenda is discussed aimed at strengthening each of the five steps and helping organisations in becoming more cybersecure by implementing a behavioural cybersecurity strategy.</div></div>\",\"PeriodicalId\":50635,\"journal\":{\"name\":\"Computer Standards & Interfaces\",\"volume\":\"92 \",\"pages\":\"Article 103939\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2024-10-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Standards & Interfaces\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0920548924001089\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548924001089","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

随着网络犯罪分子越来越重视将人为错误作为攻击载体,企业要想确保自身安全,就需要制定战略来应对行为风险。传统的宣传活动似乎并不适合这一目标,因此需要探索将行为科学应用于这一领域的其他途径。本文概述了针对这一问题制定行为网络安全战略的五步方法。这五个步骤包括:首先决定单纯的技术解决方案是否可行,然后再转向引导和承受能力、网络安全培训以及针对特定行为的行为改变运动。最后一步是开发和实施反馈回路,用于评估战略的有效性,并告知组织可采取的下一步措施。除了概述五步方法外,还讨论了研究议程,旨在加强五个步骤中的每一步,帮助组织通过实施行为网络安全战略来提高网络安全。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Developing a behavioural cybersecurity strategy: A five-step approach for organisations
With cybercriminals’ increased attention for human error as attack vector, organisations need to develop strategies to address behavioural risks if they want to keep their organisation secure. The traditional focus on awareness campaigns does not seem suitable for this goal and other avenues of applying the behavioural sciences to this field need to be explored. This paper outlines a five-step approach to developing a behavioural cybersecurity strategy to address this issue. The five steps consist of first deciding whether a solely technical solution is feasible before turning to nudging and affordances, cybersecurity training, and behavioural change campaigns for specific behaviours. The final step is to develop and implement a feedback loop that is used to assess the effectiveness of the strategy and inform organisations about next steps that can be taken. Beyond outlining the five-step approach, a research agenda is discussed aimed at strengthening each of the five steps and helping organisations in becoming more cybersecure by implementing a behavioural cybersecurity strategy.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computer Standards & Interfaces
Computer Standards & Interfaces 工程技术-计算机:软件工程
CiteScore
11.90
自引率
16.00%
发文量
67
审稿时长
6 months
期刊介绍: The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信