Abstract
As societies become more connected, the nature and response to crises are becoming increasingly complex as well. Crises can affect our societies in unpredictable ways and thus require different actors to bring information together to take appropriate actions. However, as the number and diversity of actors increases, so does the quality and variety of information systems. Especially considering the increased availability and accessibility of technologies available together, process and exchange information.
While these developments provide a high potential to improved information sharing, these options also present certain risks. Individual organizations may have measures, training, and policies in place for daily routines to mitigate these risks. During a crisis however, these measures can become a constraint, especially when sharing information in an inter-organizational and cross-boundary context. People in the crisis response team may not appreciate the risks, need to improvise, or even circumvent measures.
In this paper, we examine the increased cybersecurity risks associated with the increased use of information technologies used in and facilitating information management during a crisis response. Using a serious gaming research method we examine how, in the context of crisis response, these factors are exacerbated under the pressure of time, uncertainty and coordination challenges. From this we identify the need for increased awareness about the risks of information technologies and sharing in heterogenous stakeholder environments. Specifically, a cultural change and need for additional capacities to understand, assess, and mitigate risks involved as the number of actors, systems, and technological options keep increasing.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Hakak, S., Khan, W., Imran, M., Choo, K.: Have you been a victim of COVID-19-related cyber incidents? Survey, taxonomy and mitigation strategies. IEEE Access 8, 124134–124144 (2020)
Samonas, S., Coss, D.: The CIA strikes back: redefining confidentiality, integrity and availability in security. J. Inf. Syst. Secur. 10(3) (2014)
IBM: Cyber Security Intelligence Index (2014). Retrieved from IBM security services: https://i.crn.com/sites/default/files/ckfinderimages/userfiles/images/crn/custom/IBMSecurityServices2014.PDF
Anderson, J.: Computer security technology planning study (1972)
Khatib, R., Barki, H.: How different rewards tend to influence employee non-compliance with information security policies. Inf. Comput. Secur. 30, 97–116 (2021)
Vance, A., Siponen, M., Pahnila, S.: Motivating IS security compliance: insights from habit and protection motivation theory. Inf. Manage. 49(3–4), 190–198 (2012)
Pham, H., Brennan, L., Richardson, J.: Review of behavioural theories in security compliance and research challenge. In: Informating Science and Information Technology Education Conference, pp. 65–76 (2017)
Ertan, A., Crossland, G., Health, C., Denny, D., Jensen, R.: Everyday Cyber Security in Organisations (2020)
Kirlappos, I., Parkin, S., Sasse, M.: Learning from “shadow security”: why understanding non-compliance provides the basis for effective security (2014)
Tam, L., Glassman, M., Vandenwauver, M.: The psychology of password management: a tradeoff between security and convenience. Behav. Inf. Technol. 29(3), 233–244 (2010)
Tari, F., Ozok, A., Holden, S.: A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 56–66. ACM (2006)
Stitilis, D., Pakutinskas, P., Malinauskaite, I.: EU and NATO cybersecurity strategies and national cyber security strategies: a comparative analysis. Secur. J. 30(4), 1151–1168 (2017)
Albrechtsen, E., Hovden, J.: The information security digital divide between information security managers and users. Comput. Secur. 28(6), 476–490 (2009)
Van de Walle, B., Turoff, M.: Emergency reponse information systems: emerging trends and technologies. Commun. ACM 50(3), 29–31 (2007)
Nespeca, V., Comes, T., Meesters, K., Brazier, T.: Towards coordinated self-organization: an actor-centered framework for the design of disaster management information systems. Int. J. Disaster Risk Reduction 51, 101887 (2020)
Comes, T., Van de Walle, B., Van Wassenhove, L.: The coordination-information bubble in humanitarian response: theoretical foundations and empirical investigations. Prod. Oper. Manag. 29(11), 2484–2507 (2020)
Darcy, J., Stobaugh, H., Walker, P., Maxwell, D.: The use of evidence in humanitarian decision making. ACAPS Operational Learning Paper (2013)
Solinska Nowak, A., et al.: An overview of serious games for disaster risk management – prospects and limitations for informing actions to arrest increasing risk. Int. J. Disaster Risk Reduction 31, 1013–1029 (2018)
Mayer, I.: The gaming of policy and the politics of gaming: a review. Simul. Gaming 40(6), 825–862 (2009)
Meesters, K., Olthof, I., Van de Walle, B.: Disaster in my backyard: a serious game to improve community disaster resilience. In: Proceedings of the European Conference on Games Based Learning, vol. 2, pp. 714–722 (2014)
Grimm, P.: Social desirability bias. Wiley International Encyclopedia of Marketing (2010)
United Nations: 2021 floods: UN researchers aim to better prepare for climate risks (2022). Retrieved from unric: https://unric.org/en/2021-floods-un-researchers-aim-to-better-prepare-for-climate-risks/
Hennink, M., Kaiser, B., Marconi, V.: Code saturation versus meaning saturation: how many interviews are enough? Qual. Health Res. 27(4), 591–608 (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 IFIP International Federation for Information Processing
About this paper
Cite this paper
Stassen, J., Pirannejad, A., Meesters, K. (2023). Cyber Security Policies in Crisis Response: Exploring the Predicament of Creating Safe But Workable Systems. In: Gjøsæter, T., Radianti, J., Murayama, Y. (eds) Information Technology in Disaster Risk Reduction. ITDRR 2022. IFIP Advances in Information and Communication Technology, vol 672. Springer, Cham. https://doi.org/10.1007/978-3-031-34207-3_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-34207-3_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-34206-6
Online ISBN: 978-3-031-34207-3
eBook Packages: Computer ScienceComputer Science (R0)