Abstract
Compliance and an increasing level of cyber maturity form a crucial part of corporate defence systems and are the basis of any well-functioning cyber security programme. As the scope of compliance widens with the maturity of the organisation, the human element needs to be addressed as well. Cyber maturity assessments, red teaming and capture-the-flag exercises help simulate threat actors' tactics, tools and procedures, give defenders an insight into adversary motives and help mitigate technical exposure. However, most of these exercises are delivered with the exclusive aim of achieving technical learning and addressing incidents at the level of technical vulnerabilities. This chapter looks at how organisations, having achieved the necessary compliance and governance standards, can understand and address human behaviour as a cyber security threat. Such behaviours include individual team members' blind spots and glitches in high-risk team dynamics, which, where ineffective, are considered system vulnerabilities. Once these risk behaviours have been identified and addressed with targeted interventions and training, organisations will be able to mitigate human risk directly, just as they would patch their online systems or scan their networks.
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Pappenheim da Silva, B., da Silva, A.J., Davidsen, J.E. (2019). Information Security Governance, Technology, Processes and People: Compliance and Organisational Readiness. In: Jahankhani, H., Kendzierskyj, S., Jamal, A., Epiphaniou, G., Al-Khateeb, H. (eds) Blockchain and Clinical Trial. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-11289-9_4
DOI: https://doi.org/10.1007/978-3-030-11289-9_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11288-2
Online ISBN: 978-3-030-11289-9
eBook Packages: Computer Science (R0)