Citation
Furnell, S. and Clarke, N. (2016), "Guest editorial", Information and Computer Security, Vol. 24 No. 2, pp. 138-138. https://doi.org/10.1108/ICS-05-2016-0036
Publisher
:Emerald Group Publishing Limited
Copyright © 2016, Emerald Group Publishing Limited
Human aspects of cyber security
Human aspects are now widely recognized as being a key factor in providing a holistic cyber security solution. The nature of what we mean by human aspects can vary quite considerably, from intuitive aspects such as information security awareness and human-computer interaction to the less instinctive yet still important aspects such as the development of technical solutions that remove or reduce the security burden placed upon individuals. What all these areas have in common is the impact they have upon the people involved.
With this in mind, the Human Aspects of Information Security and Assurance symposium series seeks to provide a forum for a community of related researchers working in this area. In July 2015, the ninth event in the series was held in Mytilene in Lesvos, Greece. A total of 25 reviewed papers were presented over three days. From these, seven authors were invited to submit extended versions of their work for publication in this special issue. The resulting papers are mainly focused upon the key issues of awareness and risk, alongside one further paper looking at the impact upon cyber analysts themselves.
Four of the papers explore aspects of the information security awareness and education domain. Specifically, Da Veiga focuses upon investigating the impact that an information security policy has upon employees through an experimental approach involving 2,000 participants. Meanwhile, Kelley and Bertenthal undertook a study to explore the factors that affect user decision making (focusing specifically on logins to insecure websites), highlighting that attention and past behavior are strong indicators more so than security knowledge. Reid and Van Niekerk present a study into the impact of awareness campaigns using a South African school as a baseline measure. The final awareness paper, from Pattinson et al., seeks to determine the extent to which attitude data could be elicited from the repertory grid technique.
The two risk-related papers seek to better understand the role that people play within the process. Sommestad et al. present an empirical study of the relationship between risk and the constituents of severity and probability. Meanwhile, Alavi et al. present a risk-driven investment model for analyzing human factors.
The final paper takes a different perspective and focuses upon security analysts themselves. In recognition of human error, the study seeks to investigate the factors that affect improvement in analyst’s performance, which in turn is intended to lead to better security as a result.
The papers collectively illustrate a range of relevant activities in the domain of human aspects, and it is certain that the breadth of the area as a whole will continue to offer rich opportunities for further research in the years to come.