Abstract
Traditional approaches to cyber-security resilience, assuring the overall socio-technical system is secure from immediate known attacks and routes to potential future attacks, have relied on three pillars of people, process, and technology.
In any complex socio-technical system, human behaviour can disrupt the secure and efficient running of the system with risk accumulating through individual and system-wide errors and compromised security behaviours that may be exploited by actors with malicious intent.
Practitioners’ experience and use of different assessment methods and approaches to establish cyber-security vulnerabilities and risk are evaluated. Qualitative and quantitative methods and data are used for different stages of investigations in order to derive risk assessments and access contextual experience for further analyses. Organisational security culture and development approaches along with safety assessment methods are discussed in this case study to understand how well the people, the system, and the organisation interact.
Cyber-security Human Factors practice draws on other application areas such as safety, usability, behaviours and culture to progressively assess security posture; the benefits of each approach are discussed.
This study identifies the most effective methods for vulnerability identification and risk assessment, with focus on modelling large, dynamic and complex socio-technical systems, to be those which identify cultural factors with impact on human-system interactions.
Notes
1. Eliminate, Reduce, Isolate, Control, Personal Protective Equipment and Discipline.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Fairburn, N., Shelton, A., Ackroyd, F., Selfe, R. (2021). Beyond Murphy’s Law: Applying Wider Human Factors Behavioural Science Approaches in Cyber-Security Resilience. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2021. Lecture Notes in Computer Science, vol 12788. Springer, Cham. https://doi.org/10.1007/978-3-030-77392-2_9
DOI: https://doi.org/10.1007/978-3-030-77392-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-77391-5
Online ISBN: 978-3-030-77392-2
eBook Packages: Computer Science, Computer Science (R0)