Annotated Bibliography
Ramon Lee
Old Dominion University
CYSE 201S: Cybersecurity, Technology, and Society
Dr. Matthew Umphlet
June 28, 2025
Smith, A., Lee, B., & Patel, C. (2023). Understanding user behavior for enhancing
cybersecurity training: An XR-based framework for user behavior analysis in critical
infrastructure settings. *Information, 15*(12), 814. https://doi.org/10.3390/info15120814
This peer-reviewed article introduces an XR-based cybersecurity training framework
designed to analyze real-time user behavior during simulated cyber-attacks in critical
infrastructure environments. Through gamification and data collection modules, the study
provides insights into how users respond under pressure.
It is methodologically sound, published in a scholarly journal (*Information*), and uses a
detailed case study of a water treatment facility to test its system. This makes it reliable,
practical, and academically strong.
This source contributes to my research by showing how immersive simulations enhance
behavioral preparedness, supporting my argument that experiential learning is vital for
cybersecurity training.
Khadka, K., & Ullah, A. B. (2025). Human factors in cybersecurity: An interdisciplinary
review and framework proposal. *International Journal of Information Security and
Privacy.* https://doi.org/10.1007/s10207-025-01032-0
This article reviews how human psychology and social behaviors impact cybersecurity.
The authors propose the Human-Centric Cybersecurity Framework (HCCF), which
incorporates adaptive communication, ethical AI, and inclusivity into security strategies.
The journal is peer-reviewed and interdisciplinary. The authors draw from psychology,
sociology, and policy to build a credible and applicable model. The article clearly fills a
gap in literature on human-centered design.
This source is useful to my review because it emphasizes the need to integrate human
behavior into cybersecurity, and gives me a framework to support my claim for more
inclusive, socially informed defense strategies.
Mulahuwaish, A., Qolomany, B., Gyorick, K., Bou Abdo, J., Aledhari, M., Qadir, J., &
Carley, K. (2025). A survey of social cybersecurity: Techniques for attack detection,
evaluations, challenges, and future prospects. *Computers in Human Behavior Reports,
18*, 100668. https://doi.org/10.1016/j.chbr.2025.100668
This survey article explores social cybersecurity, a growing field that studies digital
manipulation like bots, deepfakes, and disinformation. It reviews detection tools and
outlines future challenges in evaluating these threats across platforms.
As a recent, peer-reviewed article from *Computers in Human Behavior Reports*, the
survey is scholarly and up-to-date. It is especially strong in its breakdown of current
detection models and its proposed research directions.
I will use this to support my argument that cybersecurity must include sociotechnical
threats, and that protecting users from manipulation is just as important as protecting
systems from hacking.
Almansoori, A., Al-Emran, M., & Shaalan, K. (2023). Exploring the frontiers of
cybersecurity behavior: A systematic review of studies and theories. *Applied Sciences,
13*(9), 5700. https://doi.org/10.3390/app13095700
This systematic review evaluates 39 studies on cybersecurity behavior and identifies that
most rely on Protection Motivation Theory (PMT). The authors argue for new models
that include group behavior, organizational settings, and cultural context.
The article is scholarly, published in *Applied Sciences*, and uses a clear methodology
to identify gaps in behavioral cybersecurity research.
This article helps me show that the field needs broader frameworks and supports my plan
to recommend policy and training that considers team and cultural factors