Developing a cyber security culture: Current practices and future needs
- URL: http://arxiv.org/abs/2106.14701v1
- Date: Mon, 28 Jun 2021 13:31:33 GMT
- Title: Developing a cyber security culture: Current practices and future needs
- Authors: Betsy Uchendu and Jason R. C. Nurse and Maria Bada and Steven Furnell
- Abstract summary: We identify and analyse 58 research articles from the last 10 years (2010-2020)
Top management support, policy and procedures, and awareness are critical in engendering cyber security culture.
Questionnaires and surveys are the most used tool to measure cyber security culture.
For practitioners, this article highlights factors and models essential to the creation and management of a robust security culture.
- Score: 2.7719338074999538
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: While the creation of a strong security culture has been researched and
discussed for decades, it continues to elude many businesses. Part of the
challenge faced is distilling pertinent, recent academic findings and research
into useful guidance. In this article, we aim to tackle this issue by
conducting a state-of-the-art study into organisational cyber security culture
research. This work investigates four questions, including how cyber security
culture is defined, what factors are essential to building and maintaining such
a culture, the frameworks proposed to cultivate a security culture and the
metrics suggested to assess it. Through the application of the PRISMA
systematic literature review technique, we identify and analyse 58 research
articles from the last 10 years (2010-2020). Our findings demonstrate that
while there have been notable changes in the use of terms (e.g., information
security culture and cyber security culture), many of the most influential
factors across papers are similar. Top management support, policy and
procedures, and awareness for instance, are critical in engendering cyber
security culture. Many of the frameworks reviewed revealed common foundations,
with organisational culture playing a substantial role in crafting appropriate
cyber security culture models. Questionnaires and surveys are the most used
tool to measure cyber security culture, but there are also concerns as to
whether more dynamic measures are needed. For practitioners, this article
highlights factors and models essential to the creation and management of a
robust security culture. For research, we produce an up-to-date
characterisation of the field and also define open issues deserving of further
attention such as the role of change management processes and national culture
in an enterprise's cyber security culture.
Related papers
- SoK: Unifying Cybersecurity and Cybersafety of Multimodal Foundation Models with an Information Theory Approach [58.93030774141753]
Multimodal foundation models (MFMs) represent a significant advancement in artificial intelligence.
This paper conceptualizes cybersafety and cybersecurity in the context of multimodal learning.
We present a comprehensive Systematization of Knowledge (SoK) to unify these concepts in MFMs, identifying key threats.
arXiv Detail & Related papers (2024-11-17T23:06:20Z) - A Culturally-Aware Tool for Crowdworkers: Leveraging Chronemics to Support Diverse Work Styles [1.650108379424673]
Crowdsourcing markets are expanding worldwide, but often feature standardized interfaces that ignore the cultural diversity of their workers.
This paper proposes creating culturally-aware workplace tools, specifically designed to adapt to the cultural dimensions of monochronic and polychronic work styles.
We illustrate this approach with "CultureFit," a tool that we engineered based on extensive research in Chronemics and culture theories.
arXiv Detail & Related papers (2024-07-31T21:22:41Z) - Critical Infrastructure Security: Penetration Testing and Exploit Development Perspectives [0.0]
This paper reviews literature on critical infrastructure security, focusing on penetration testing and exploit development.
Findings of this paper reveal inherent vulnerabilities in critical infrastructure and sophisticated threats posed by cyber adversaries.
The review underscores the necessity of continuous and proactive security assessments.
arXiv Detail & Related papers (2024-07-24T13:17:07Z) - Extrinsic Evaluation of Cultural Competence in Large Language Models [53.626808086522985]
We focus on extrinsic evaluation of cultural competence in two text generation tasks.
We evaluate model outputs when an explicit cue of culture, specifically nationality, is perturbed in the prompts.
We find weak correlations between text similarity of outputs for different countries and the cultural values of these countries.
arXiv Detail & Related papers (2024-06-17T14:03:27Z) - Individual and Contextual Variables of Cyber Security Behaviour -- An empirical analysis of national culture, industry, organisation, and individual variables of (in)secure human behaviour [0.0]
National culture, industry type, and organisational security culture play are influential variables of individuals' security behaviour.
Security awareness, security knowledge, and prior experience with security incidents are found to be influential variables of security behaviour.
Findings provide practical insights for organisations regarding the susceptibility of groups of people to insecure behaviour.
arXiv Detail & Related papers (2024-05-25T12:57:17Z) - What You Use is What You Get: Unforced Errors in Studying Cultural Aspects in Agile Software Development [2.9418191027447906]
Investigating the influence of cultural characteristics is challenging due to the multi-faceted concept of culture.
Cultural and social aspects are of high importance for their successful use in practice.
arXiv Detail & Related papers (2024-04-25T20:08:37Z) - Massively Multi-Cultural Knowledge Acquisition & LM Benchmarking [48.21982147529661]
This paper introduces a novel approach for massively multicultural knowledge acquisition.
Our method strategically navigates from densely informative Wikipedia documents on cultural topics to an extensive network of linked pages.
Our work marks an important step towards deeper understanding and bridging the gaps of cultural disparities in AI.
arXiv Detail & Related papers (2024-02-14T18:16:54Z) - Information Forensics and Security: A quarter-century-long journey [66.16120845232525]
Information Forensics and Security (IFS) is an active R&D area whose goal is to ensure that people use devices, data, and intellectual properties for authorized purposes.
For over a quarter century since the 1990s, the IFS research area has grown tremendously to address the societal needs of the digital information era.
arXiv Detail & Related papers (2023-09-21T15:13:35Z) - Measuring Commonality in Recommendation of Cultural Content: Recommender
Systems to Enhance Cultural Citizenship [67.5613995938273]
We introduce commonality as a new measure that reflects the degree to which recommendations familiarize a given user population with specified categories of cultural content.
Our results demonstrate that commonality captures a property of system behavior complementary to existing metrics and suggest the need for alternative, non-personalized interventions in recommender systems oriented to strengthening cultural citizenship across populations of users.
arXiv Detail & Related papers (2022-08-02T19:14:49Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Cyber Security Behaviour In Organisations [0.0]
This review explores the academic and policy literature in the context of everyday cyber security in organisations.
It identifies four behavioural sets that influences how people practice cyber security.
These are compliance with security policy, intergroup coordination and communication, phishing/email behaviour, and password behaviour.
arXiv Detail & Related papers (2020-04-24T14:17:46Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.