Developing a cyber security culture: Current practices and future needs

• URL: http://arxiv.org/abs/2106.14701v1
• Date: Mon, 28 Jun 2021 13:31:33 GMT
• Title: Developing a cyber security culture: Current practices and future needs
• Authors: Betsy Uchendu and Jason R. C. Nurse and Maria Bada and Steven Furnell
• Abstract summary: We identify and analyse 58 research articles from the last 10 years (2010-2020) Top management support, policy and procedures, and awareness are critical in engendering cyber security culture. Questionnaires and surveys are the most used tool to measure cyber security culture. For practitioners, this article highlights factors and models essential to the creation and management of a robust security culture.
• Score: 2.7719338074999538
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: While the creation of a strong security culture has been researched and discussed for decades, it continues to elude many businesses. Part of the challenge faced is distilling pertinent, recent academic findings and research into useful guidance. In this article, we aim to tackle this issue by conducting a state-of-the-art study into organisational cyber security culture research. This work investigates four questions, including how cyber security culture is defined, what factors are essential to building and maintaining such a culture, the frameworks proposed to cultivate a security culture and the metrics suggested to assess it. Through the application of the PRISMA systematic literature review technique, we identify and analyse 58 research articles from the last 10 years (2010-2020). Our findings demonstrate that while there have been notable changes in the use of terms (e.g., information security culture and cyber security culture), many of the most influential factors across papers are similar. Top management support, policy and procedures, and awareness for instance, are critical in engendering cyber security culture. Many of the frameworks reviewed revealed common foundations, with organisational culture playing a substantial role in crafting appropriate cyber security culture models. Questionnaires and surveys are the most used tool to measure cyber security culture, but there are also concerns as to whether more dynamic measures are needed. For practitioners, this article highlights factors and models essential to the creation and management of a robust security culture. For research, we produce an up-to-date characterisation of the field and also define open issues deserving of further attention such as the role of change management processes and national culture in an enterprise's cyber security culture.

Related papers

• A Culturally-Aware Tool for Crowdworkers: Leveraging Chronemics to Support Diverse Work Styles [1.650108379424673]
  Crowdsourcing markets are expanding worldwide, but often feature standardized interfaces that ignore the cultural diversity of their workers. This paper proposes creating culturally-aware workplace tools, specifically designed to adapt to the cultural dimensions of monochronic and polychronic work styles. We illustrate this approach with "CultureFit," a tool that we engineered based on extensive research in Chronemics and culture theories.
  arXiv  Detail & Related papers  (2024-07-31T21:22:41Z)
• Critical Infrastructure Security: Penetration Testing and Exploit Development Perspectives [0.0]
  This paper reviews literature on critical infrastructure security, focusing on penetration testing and exploit development. Findings of this paper reveal inherent vulnerabilities in critical infrastructure and sophisticated threats posed by cyber adversaries. The review underscores the necessity of continuous and proactive security assessments.
  arXiv  Detail & Related papers  (2024-07-24T13:17:07Z)
• Extrinsic Evaluation of Cultural Competence in Large Language Models [53.626808086522985]
  We focus on extrinsic evaluation of cultural competence in two text generation tasks. We evaluate model outputs when an explicit cue of culture, specifically nationality, is perturbed in the prompts. We find weak correlations between text similarity of outputs for different countries and the cultural values of these countries.
  arXiv  Detail & Related papers  (2024-06-17T14:03:27Z)
• Individual and Contextual Variables of Cyber Security Behaviour -- An empirical analysis of national culture, industry, organisation, and individual variables of (in)secure human behaviour [0.0]
  National culture, industry type, and organisational security culture play are influential variables of individuals' security behaviour. Security awareness, security knowledge, and prior experience with security incidents are found to be influential variables of security behaviour. Findings provide practical insights for organisations regarding the susceptibility of groups of people to insecure behaviour.
  arXiv  Detail & Related papers  (2024-05-25T12:57:17Z)
• What You Use is What You Get: Unforced Errors in Studying Cultural Aspects in Agile Software Development [2.9418191027447906]
  Investigating the influence of cultural characteristics is challenging due to the multi-faceted concept of culture. Cultural and social aspects are of high importance for their successful use in practice.
  arXiv  Detail & Related papers  (2024-04-25T20:08:37Z)
• Massively Multi-Cultural Knowledge Acquisition & LM Benchmarking [48.21982147529661]
  This paper introduces a novel approach for massively multicultural knowledge acquisition. Our method strategically navigates from densely informative Wikipedia documents on cultural topics to an extensive network of linked pages. Our work marks an important step towards deeper understanding and bridging the gaps of cultural disparities in AI.
  arXiv  Detail & Related papers  (2024-02-14T18:16:54Z)
• Information Forensics and Security: A quarter-century-long journey [66.16120845232525]
  Information Forensics and Security (IFS) is an active R&D area whose goal is to ensure that people use devices, data, and intellectual properties for authorized purposes. For over a quarter century since the 1990s, the IFS research area has grown tremendously to address the societal needs of the digital information era.
  arXiv  Detail & Related papers  (2023-09-21T15:13:35Z)
• Entity Graph Extraction from Legal Acts -- a Prototype for a Use Case in Policy Design Analysis [52.77024349608834]
  This paper presents a prototype developed to serve the quantitative study of public policy design. Our system aims to automate the process of gathering legal documents, annotating them with Institutional Grammar, and using hypergraphs to analyse inter-relations between crucial entities.
  arXiv  Detail & Related papers  (2022-09-02T10:57:47Z)
• Measuring Commonality in Recommendation of Cultural Content: Recommender Systems to Enhance Cultural Citizenship [67.5613995938273]
  We introduce commonality as a new measure that reflects the degree to which recommendations familiarize a given user population with specified categories of cultural content. Our results demonstrate that commonality captures a property of system behavior complementary to existing metrics and suggest the need for alternative, non-personalized interventions in recommender systems oriented to strengthening cultural citizenship across populations of users.
  arXiv  Detail & Related papers  (2022-08-02T19:14:49Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• Cyber Security Behaviour In Organisations [0.0]
  This review explores the academic and policy literature in the context of everyday cyber security in organisations. It identifies four behavioural sets that influences how people practice cyber security. These are compliance with security policy, intergroup coordination and communication, phishing/email behaviour, and password behaviour.
  arXiv  Detail & Related papers  (2020-04-24T14:17:46Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.