Human Factors in Cybersecurity

Humans are the creators of all the technologies that are used today, however they are also the downfall to the use of these technologies. Human factors is a field of psychology that explores how factors related to being a human influences products, process, and systems. Technologies are designed to help the everyday life of a human. The computer used to type this article review up was developed to improve the process of a human writing up a paper with the need to have a physical pencil and paper. Jongkil Jeong, Joanne Mihelcic, Gillian Oliver, and Carsten Rudolph conducted a research project to improve the understanding of human factors in cybersecurity.

Principles of the Social Sciences

In the principle of relativism, the study done informs that human factor is related to the number of cybersecurity related incidents all around the world. “The human side of cybersecurity poses as much of a risk as the technical aspects” (Jeong et al. 2019). Humans are the ones using the technology and some are entrusted with the privileges of maintaining confidential information. Similar to how a firewall protects a network from unauthorized traffic, however the firewall will never go against it’s established rules. A human is likely to expose the network to some vulnerabilities. Moving to objectivity, the author’s goal for the article is to create a baseline of current knowledge in information science and to identify any current gaps in literature (Jeong et al. 2019). The authors are taking past knowledge from other resources and providing the reader a basic understanding of how human factors influence cybersecurity issues. The principle of parsimony is shown in the way that the authors for this article are very knowledgeable in the field of cybersecurity, social sciences, and conducting research studies. The authors can go further into depth with their findings or how they introduce the studies done, however they chose to keep the descriptions simple so that more people not well knowledge on the topic can still comprehend the subject.

The author’s study follows the empiricism principle of social science because the issue of human factor is that someone that had access to a computer and access to a network at a company or organization have the sense of sight and touch to succumb to something like a phishing email attack. In ethical neutrality, the studies the authors are deciding to conduct and the resources they are using to conduct the projects do not have many ethical concerns associated with them. The authors only need to ensure they provide the proper citations, so they are not stealing any information that someone else has created. Finally, the principle of determinism is established within the article by the way the authors had previous events that caused them to come together and want to conduct this research. Determinism is also within the study by showing that there are steps that influence how human factor is the leading cause for issues within cybersecurity.

Research Hypotheses, Methods, and Types of Data

In the article being reviewed, there were three projects being conducted. The first one was aimed to identify human factors that influence an individual’s perception and behavior towards a nation’s cybersecurity strategy. The second project was conducted to improve the readers understanding of how an individual’s perception of safety in digital environments influences the work that they do. The final project was performed to how national culture factors affect the individual’s day-to-day activities pertaining to cybersecurity, which can impact a countries overall cybersecurity capacity level. After determining the hypothesis and purpose of the study, archival research is conducted on literature on extensive databases with specific parameters. First only access to full text literatures was considered, second a time frame from 2009-2019 was used, and lastly only studies which explicitly defined cybersecurity or information security were included (Jeong et al. 2019). A total of 539 studies were identified from the databases and then went through a four-step filtering process to ensure only highly relevant studies were selected for further analysis. The first step was to ensure that the studies were not peer-reviewed, the second step was to eliminate studies that did not include cybersecurity and human factor as keywords. The third step was to eliminate follow-up studies, the final step was to manually analyze carefully selected papers. After the process, only 27 studies were kept and used to conduct the research.

The analysis of the 27 studies were conducted through three classifications, including personality, demographic attributes, and cultural context. Personality was used for the first project and was used to explain an individual’s cognitive process, attitudes, and behavioral outcomes. A key finding was that “personality traits determine the level of compliance towards cybersecurity related polices and training” (Jeong et al. 2019). The demographic attributes were used for the second project and was also broken down into gender, age, education, and experience. The demographic features lie in the ability to help society  better prepare and deal with specific issues related to cybersecurity and hacking incidents. A key finding was that the younger the participant was the higher the risk factor was and someone with more education and experience was more likely to help defend against cyber related incidents. In the last project, cultural context was taken into account in addressing the complexities that cyber risks may differ based on national cultural dimensions.

Class Discussion

In past class discussions, the topic of human factor has come up with recent attacks on a cyber infrastructure. Module 4 to be exact discussed the field of psychology, human factor, that had it’s good and bad situations. When taking human factor into account when security a network, the security for that network will be stronger than one that does not think about human factor. The downside to human factor is that a firewall is never going to go against the rules established for any reason. Humans are somewhat prone to succumbing to their own wants and need and fall for a phishing attack. The research done by the authors mentioned earlier, focusing on discussing how human factor challenges and brings concern to how cybersecurity issues are related to the human factor. The third project of the article even dives into the cultural side of cyber issues and relates to marginalized groups and how they may have specific requirements that limit how they abide by security policies.

Overall contributions to Society

Overall, the study conducted by the authors contribute to the society by highlighting significant gaps in literature and providing recommendations on how these gaps cab be addressed in future research. The main issue in the studies reviewed was the need for additional in-depth qualitative studies. Out of the 27 studies investigated only two were qualitative studies. The approach towards resolving this issue is by on-going awareness activities. “incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data” (Jeong et al. 2019). In the end, the researchers in the article did not make a major leap in social science, however they helped future researchers by providing advice and recommendations towards completing a better and more complete study. In doing so, the future studies can provide a better insight of human factors within cybersecurity and information security.

References

J. Jeong, J. Mihelcic, G. Oliver and C. Rudolph, “Towards an Improved Understanding of Human Factors in Cybersecurity,” 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), Los Angeles, CA, USA, 2019, pp. 338-345, doi: 10.1109/CIC48465.2019.00047.