To read this content please select one of the options below:

Socio-technical systems cybersecurity framework

Masike Malatji (Postgraduate School of Engineering Management, University of Johannesburg, Johannesburg, South Africa)
Sune Von Solms (Department of Electrical Engineering Science, University of Johannesburg, Johannesburg, South Africa)
Annlizé Marnewick (Postgraduate School of Engineering Management, University of Johannesburg, Johannesburg, South Africa)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 11 February 2019

Issue publication date: 28 May 2019

1956

Abstract

Purpose

This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices.

Design/methodology/approach

The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced.

Findings

The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment.

Practical implications

This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation.

Originality/value

The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.

Keywords

Citation

Malatji, M., Von Solms, S. and Marnewick, A. (2019), "Socio-technical systems cybersecurity framework", Information and Computer Security, Vol. 27 No. 2, pp. 233-272. https://doi.org/10.1108/ICS-03-2018-0031

Publisher

:

Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited

Related articles