Visible to the public Biblio

Found 326 results

Filters: Keyword is cybersecurity  [Clear All Filters]
Rosser, Holly, Mayor, Maylene, Stemmler, Adam, Ahuja, Vinod, Grover, Andrea, Hale, Matthew.  2022.  Phish Finders: Crowd-powered RE for anti-phishing training tools. 2022 IEEE 30th International Requirements Engineering Conference Workshops (REW). :130–135.
Many organizations use internal phishing campaigns to gauge awareness and coordinate training efforts based on those findings. Ongoing content design is important for phishing training tools due to the influence recency has on phishing susceptibility. Traditional approaches for content development require significant investment and can be prohibitively costly, especially during the requirements engineering phase of software development and for applications that are constantly evolving. While prior research primarily depends upon already known phishing cues curated by experts, our project, Phish Finders, uses crowdsourcing to explore phishing cues through the unique perspectives and thought processes of everyday users in a realistic yet safe online environment, Zooniverse. This paper contributes qualitative analysis of crowdsourced comments that identifies novel cues, such as formatting and typography, which were identified by the crowd as potential phishing indicators. The paper also shows that crowdsourcing may have the potential to scale as a requirements engineering approach to meet the needs of content labeling for improved training tool development.
ISSN: 2770-6834
Dong, Siyuan, Fan, Zhong.  2022.  Cybersecurity Threats Analysis and Management for Peer-to-Peer Energy Trading. 2022 IEEE 7th International Energy Conference (ENERGYCON). :1–6.
The distributed energy resources (DERs) have significantly stimulated the development of decentralized energy system and changed the way how the energy system works. In recent years, peer-to-peer (P2P) trading has drawn attention as a promising alternative for prosumers to engage with the energy market more actively, particular by using the emerging blockchain technology. Blockchain can securely hold critical information and store data in blocks linking with chain, providing a desired platform for the P2P energy trading. This paper provides a detailed description of blockchain-enabled P2P energy trading, its essential components, and how it can be implemented within the local energy market An analysis of potential threats during blockchain-enabled P2P energy trading is also performed, which subsequently results in a list of operation and privacy requirements suggested to be implemented in the local energy market.
Alanzi, Mataz, Challa, Hari, Beleed, Hussain, Johnson, Brian K., Chakhchoukh, Yacine, Reen, Dylan, Singh, Vivek Kumar, Bell, John, Rieger, Craig, Gentle, Jake.  2022.  Synchrophasors-based Master State Awareness Estimator for Cybersecurity in Distribution Grid: Testbed Implementation & Field Demonstration. 2022 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.
The integration of distributed energy resources (DERs) and expansion of complex network in the distribution grid requires an advanced two-level state estimator to monitor the grid health at micro-level. The distribution state estimator will improve the situational awareness and resiliency of distributed power system. This paper implements a synchrophasors-based master state awareness (MSA) estimator to enhance the cybersecurity in distribution grid by providing a real-time estimation of system operating states to control center operators. In this paper, the implemented MSA estimator utilizes only phasor measurements, bus magnitudes and angles, from phasor measurement units (PMUs), deployed in local substations, to estimate the system states and also detects data integrity attacks, such as load tripping attack that disconnects the load. To validate the proof of concept, we implement this methodology in cyber-physical testbed environment at the Idaho National Laboratory (INL) Electric Grid Security Testbed. Further, to address the "valley of death" and support technology commercialization, field demonstration is also performed at the Critical Infrastructure Test Range Complex (CITRC) at the INL. Our experimental results reveal a promising performance in detecting load tripping attack and providing an accurate situational awareness through an alert visualization dashboard in real-time.
Milov, Oleksandr, Khvostenko, Vladyslav, Natalia, Voropay, Korol, Olha, Zviertseva, Nataliia.  2022.  Situational Control of Cyber Security in Socio-Cyber-Physical Systems. 2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). :1–6.

The features of socio-cyber-physical systems are presented, which dictate the need to revise traditional management methods and transform the management system in such a way that it takes into account the presence of a person both in the control object and in the control loop. The use of situational control mechanisms is proposed. The features of this approach and its comparison with existing methods of situational awareness are presented. The comparison has demonstrated wider possibilities and scope for managing socio-cyber-physical systems. It is recommended to consider a wider class of types of relations that exist in socio-cyber-physical systems. It is indicated that such consideration can be based on the use of pseudo-physical logics considered in situational control. It is pointed out that it is necessary to design a classifier of situations (primarily in cyberspace), instead of traditional classifiers of threats and intruders.

Cabral, Warren Z., Sikos, Leslie F., Valli, Craig.  2022.  Shodan Indicators Used to Detect Standard Conpot Implementations and Their Improvement Through Sophisticated Customization. 2022 IEEE Conference on Dependable and Secure Computing (DSC). :1—7.
Conpot is a low-interaction SCADA honeypot system that mimics a Siemens S7-200 proprietary device on default deployments. Honeypots operating using standard configurations can be easily detected by adversaries using scanning tools such as Shodan. This study focuses on the capabilities of the Conpot honeypot, and how these competences can be used to lure attackers. In addition, the presented research establishes a framework that enables for the customized configuration, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Shodan scanners. A comparison between the default and configured deployments is further conducted to prove the modified deployments' effectiveness. The resulting annotations can assist cybersecurity personnel to better acknowledge the effectiveness of the honeypot's artifacts and how they can be used deceptively. Lastly, it informs and educates cybersecurity audiences on how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals.
Silva, Ryan, Hickert, Cameron, Sarfaraz, Nicolas, Brush, Jeff, Silbermann, Josh, Sookoor, Tamim.  2022.  AlphaSOC: Reinforcement Learning-based Cybersecurity Automation for Cyber-Physical Systems. 2022 ACM/IEEE 13th International Conference on Cyber-Physical Systems (ICCPS). :290—291.
Achieving agile and resilient autonomous capabilities for cyber defense requires moving past indicators and situational awareness into automated response and recovery capabilities. The objective of the AlphaSOC project is to use state of the art sequential decision-making methods to automatically investigate and mitigate attacks on cyber physical systems (CPS). To demonstrate this, we developed a simulation environment that models the distributed navigation control system and physics of a large ship with two rudders and thrusters for propulsion. Defending this control network requires processing large volumes of cyber and physical signals to coordi-nate defensive actions over many devices with minimal disruption to nominal operation. We are developing a Reinforcement Learning (RL)-based approach to solve the resulting sequential decision-making problem that has large observation and action spaces.
Mead, Nancy R..  2022.  Critical Infrastructure Protection and Supply Chain Risk Management. 2022 IEEE 30th International Requirements Engineering Conference Workshops (REW). :215—218.
Critical infrastructure is a key area in cybersecurity. In the U.S., it was front and center in 1997 with the report from the President’s Commission on Critical Infrastructure Protection (PCCIP), and now affects countries worldwide. Critical Infrastructure Protection must address all types of cybersecurity threats - insider threat, ransomware, supply chain risk management issues, and so on. Unsurprisingly, in the past 25 years, the risks and incidents have increased rather than decreased and appear in the news daily. As an important component of critical infrastructure protection, secure supply chain risk management must be integrated into development projects. Both areas have important implications for security requirements engineering.
Tunc, Cihan, Hariri, Salim.  2022.  Self-Protection for Unmanned Autonomous Vehicles (SP-UAV): Design Overview and Evaluation. 2022 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C). :128—132.
Unmanned autonomous vehicles (UAVs) have been receiving high interest lately due to their wide range of potential deployment options that can touch all aspects of our life and economy, such as transportation, delivery, healthcare, surveillance. However, UAVs have also introduced many new vulnerabilities and attack surfaces that can be exploited by cyberattacks. Due to their complexity, autonomous operations, and being relatively new technologies, cyberattacks can be persistent, complex, and can propagate rapidly to severely impact the main UAV functions such as mission management, support, processing operations, maneuver operations, situation awareness. Furthermore, such cyberattacks can also propagate among other UAVs or even their control stations and may even endanger human life. Hence, we need self-protection techniques with an autonomic management approach. In this paper we present our approach to implement self-protection of UAVs (SP-UAV) such that they can continue their critical functions despite cyberattacks targeting UAV operations or services. We present our design approach and implementation using a unified management interface based on three ports: Configuration, observer, and control ports. We have implemented the SP-UAV using C and demonstrated using different attack scenarios how we can apply autonomic responses without human involvement to tolerate cyberattacks against the UAV operations.
de Oliveira Silva, Hebert.  2022.  CSAI-4-CPS: A Cyber Security characterization model based on Artificial Intelligence For Cyber Physical Systems. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S). :47—48.
The model called CSAI-4-CPS is proposed to characterize the use of Artificial Intelligence in Cybersecurity applied to the context of CPS - Cyber-Physical Systems. The model aims to establish a methodology being able to self-adapt using shared machine learning models, without incurring the loss of data privacy. The model will be implemented in a generic framework, to assess accuracy across different datasets, taking advantage of the federated learning and machine learning approach. The proposed solution can facilitate the construction of new AI cybersecurity tools and systems for CPS, enabling a better assessment and increasing the level of security/robustness of these systems more efficiently.
Culler, Megan J., Morash, Sean, Smith, Brian, Cleveland, Frances, Gentle, Jake.  2021.  A Cyber-Resilience Risk Management Architecture for Distributed Wind. 2021 Resilience Week (RWS). :1–8.
Distributed wind is an electric energy resource segment with strong potential to be deployed in many applications, but special consideration of resilience and cybersecurity is needed to address the unique conditions associated with distributed wind. Distributed wind is a strong candidate to help meet renewable energy and carbon-free energy goals. However, care must be taken as more systems are installed to ensure that the systems are reliable, resilient, and secure. The physical and communications requirements for distributed wind mean that there are unique cybersecurity considerations, but there is little to no existing guidance on best practices for cybersecurity risk management for distributed wind systems specifically. This research develops an architecture for managing cyber risks associated with distributed wind systems through resilience functions. The architecture takes into account the configurations, challenges, and standards for distributed wind to create a risk-focused perspective that considers threats, vulnerabilities, and consequences. We show how the resilience functions of identification, preparation, detection, adaptation, and recovery can mitigate cyber threats. We discuss common distributed wind architectures and interconnections to larger power systems. Because cybersecurity cannot exist independently, the cyber-resilience architecture must consider the system holistically. Finally, we discuss risk assessment recommendations with special emphasis on what sets distributed wind systems apart from other distributed energy resources (DER).
Tall, Anne M., Zou, Cliff C., Wang, Jun.  2021.  Integrating Cybersecurity Into a Big Data Ecosystem. MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). :69—76.
This paper provides an overview of the security service controls that are applied in a big data processing (BDP) system to defend against cyber security attacks. We validate this approach by modeling attacks and effectiveness of security service controls in a sequence of states and transitions. This Finite State Machine (FSM) approach uses the probable effectiveness of security service controls, as defined in the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). The attacks used in the model are defined in the ATT&CK™ framework. Five different BDP security architecture configurations are considered, spanning from a low-cost default BDP configuration to a more expensive, industry supported layered security architecture. The analysis demonstrates the importance of a multi-layer approach to implementing security in BDP systems. With increasing interest in using BDP systems to analyze sensitive data sets, it is important to understand and justify BDP security architecture configurations with their significant costs. The output of the model demonstrates that over the run time, larger investment in security service controls results in significantly more uptime. There is a significant increase in uptime with a linear increase in security service control investment. We believe that these results support our recommended BDP security architecture. That is, a layered architecture with security service controls integrated into the user interface, boundary, central management of security policies, and applications that incorporate privacy preserving programs. These results enable making BDP systems operational for sensitive data accessed in a multi-tenant environment.
Myakotin, Dmitriy, Varkentin, Vitalii.  2021.  Classification of Network Traffic Using Generative Adversarial Networks. 2021 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). :519–525.
Currently, the increasing complexity of DDoS attacks makes it difficult for modern security systems to track them. Machine learning techniques are increasingly being used in such systems as they are well established. However, a new problem arose: the creation of informative datasets. Generative adversarial networks can help create large, high-quality datasets for machine learning training. The article discusses the issue of using generative adversarial networks to generate new patterns of network attacks for the purpose of their further use in training.
LaMalva, Grace, Schmeelk, Suzanna.  2020.  MobSF: Mobile Health Care Android Applications Through The Lens of Open Source Static Analysis. 2020 IEEE MIT Undergraduate Research Technology Conference (URTC). :1–4.
Data security has become an increasing concern with rampant data security regulation changes and the rampant deployment of technology. The necessity to lock down user data has never been greater. This research contributes to the secure software development of Android applications by identifying data processing concerns following the guidelines put forth by the Open Web Application Security Project “(OWASP) Mobile Top 10.” We found that 43.62% of the applications contained at least one security violation. We will be using an open source tool static analysis tool, MobSF, to review the security of 200 health related Android applications. The security of healthcare related applications should be given special attention, as they store and process highly sensitive information such as blood pressures, pulse rate, body photos, mental-state, OBGYN status, and sleep patterns. Partial automation techniques were utilized. This paper also suggests possible security remediations for the identified security concerns.
BOUIJIJ, Habiba, BERQIA, Amine.  2021.  Machine Learning Algorithms Evaluation for Phishing URLs Classification. 2021 4th International Symposium on Advanced Electrical and Communication Technologies (ISAECT). :01—05.
Phishing URL is a type of cyberattack, based on falsified URLs. The number of phishing URL attacks continues to increase despite cybersecurity efforts. According to the Anti-Phishing Working Group (APWG), the number of phishing websites observed in 2020 is 1 520 832, doubling over the course of a year. Various algorithms, techniques and methods can be used to build models for phishing URL detection and classification. From our reading, we observed that Machine Learning (ML) is one of the recent approaches used to detect and classify phishing URL in an efficient and proactive way. In this paper, we evaluate eleven of the most adopted ML algorithms such as Decision Tree (DT), Nearest Neighbours (KNN), Gradient Boosting (GB), Logistic Regression (LR), Naïve Bayes (NB), Random Forest (RF), Support Vector Machines (SVM), Neural Network (NN), Ex-tra\_Tree (ET), Ada\_Boost (AB) and Bagging (B). To do that, we compute detection accuracy metric for each algorithm and we use lexical analysis to extract the URL features.
He, Bingjun, Chen, Jianfeng.  2021.  Named Entity Recognition Method in Network Security Domain Based on BERT-BiLSTM-CRF. 2021 IEEE 21st International Conference on Communication Technology (ICCT). :508–512.
With the increase of the number of network threats, the knowledge graph is an effective method to quickly analyze the network threats from the mass of network security texts. Named entity recognition in network security domain is an important task to construct knowledge graph. Aiming at the problem that key Chinese entity information in network security related text is difficult to identify, a named entity recognition model in network security domain based on BERT-BiLSTM-CRF is proposed to identify key named entities in network security related text. This model adopts the BERT pre-training model to obtain the word vectors of the preceding and subsequent text information, and the obtained word vectors will be input to the subsequent BiLSTM module and CRF module for encoding and sorting. The test results show that this model has a good effect on the data set of network security domain. The recognition effect of this model is better than that of LSTM-CRF, BERT-LSTM-CRF, BERT-CRF and other models, and the F1=93.81%.
Stojkovski, Borce, Lenzini, Gabriele.  2021.  A workflow and toolchain proposal for analyzing users’ perceptions in cyber threat intelligence sharing platforms. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :324–330.
Cyber Threat Intelligence (CTI) sharing platforms are valuable tools in cybersecurity. However, despite the fact that effective CTI exchange highly depends on human aspects, cyber behavior in CTI sharing platforms has been notably less investigated by the security research community.Motivated by this research gap, we ground our work in the concrete challenge of understanding users’ perceptions of information sharing in CTI platforms. To this end, we propose a conceptual workflow and toolchain that would seek to verify whether users have an accurate comprehension of how far information travels when shared in a CTI sharing platform.We contextualize our concept within MISP as a use case, and discuss the benefits of our socio-technical approach as a potential tool for security analysis, simulation, or education/training support. We conclude with a brief outline of future work that would seek to evaluate and validate the proposed model.
Selifanov, Valentin V., Doroshenko, Ivan E., Troeglazova, Anna V., Maksudov, Midat M..  2021.  Acceptable Variants Formation Methods of Organizational Structure and the Automated Information Security Management System Structure. 2021 XV International Scientific-Technical Conference on Actual Problems Of Electronic Instrument Engineering (APEIE). :631–635.
To ensure comprehensive information protection, it is necessary to use various means of information protection, distributed by levels and segments of the information system. This creates a contradiction, which consists in the presence of many different means of information protection and the inability to ensure their joint coordinated application in ensuring the protection of information due to the lack of an automated control system. One of the tasks that contribute to the solution of this problem is the task of generating a feasible organizational structure and the structure of such an automated control system, the results of which would provide these options and choose the one that is optimal under given initial parameters and limitations. The problem is solved by reducing the General task with particular splitting the original graph of the automated cyber defense control system into subgraphs. As a result, the organizational composition and the automated cyber defense management system structures will provide a set of acceptable variants, on the basis of which the optimal choice is made under the given initial parameters and restrictions. As a result, admissible variants for the formation technique of organizational structure and structure by the automated control system of cyber defense is received.
Baptiste, Millot, Julien, Francq, Franck, Sicard.  2021.  Systematic and Efficient Anomaly Detection Framework using Machine Learning on Public ICS Datasets. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :292–297.
Industrial Control Systems (ICSs) are used in several domains such as Transportation, Manufacturing, Defense and Power Generation and Distribution. ICSs deal with complex physical systems in order to achieve an industrial purpose with operational safety. Security has not been taken into account by design in these systems that makes them vulnerable to cyberattacks.In this paper, we rely on existing public ICS datasets as well as on the existing literature of Machine Learning (ML) applications for anomaly detection in ICSs in order to improve detection scores. To perform this purpose, we propose a systematic framework, relying on established ML algorithms and suitable data preprocessing methods, which allows us to quickly get efficient, and surprisingly, better results than the literature. Finally, some recommendations for future public ICS dataset generations end this paper, which would be fruitful for improving future attack detection models and then protect new ICSs designed in the next future.
Yu, Zaifu, Shang, Wenqian, Lin, Weiguo, Huang, Wei.  2021.  A Collaborative Filtering Model for Link Prediction of Fusion Knowledge Graph. 2021 21st ACIS International Winter Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD-Winter). :33–38.
In order to solve the problem that collaborative filtering recommendation algorithm completely depends on the interactive behavior information of users while ignoring the correlation information between items, this paper introduces a link prediction algorithm based on knowledge graph to integrate ItemCF algorithm. Through the linear weighted fusion of the item similarity matrix obtained by the ItemCF algorithm and the item similarity matrix obtained by the link prediction algorithm, the new fusion matrix is then introduced into ItemCF algorithm. The MovieLens-1M data set is used to verify the KGLP-ItemCF model proposed in this paper, and the experimental results show that the KGLP-ItemCF model effectively improves the precision, recall rate and F1 value. KGLP-ItemCF model effectively solves the problems of sparse data and over-reliance on user interaction information by introducing knowledge graph into ItemCF algorithm.
López-Aguilar, Pablo, Solanas, Agusti.  2021.  Human Susceptibility to Phishing Attacks Based on Personality Traits: The Role of Neuroticism. 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC). :1363–1368.
The COVID19 pandemic situation has opened a wide range of opportunities for cyber-criminals, who take advantage of the anxiety generated and the time spent on the Internet, to undertake massive phishing campaigns. Although companies are adopting protective measures, the psychological traits of the victims are still considered from a very generic perspective. In particular, current literature determines that the model proposed in the Big-Five personality traits (i.e., Openness, Conscientiousness, Extraversion, Agreeableness, and Neuroticism) might play an important role in human behaviour to counter cybercrime. However, results do not provide unanimity regarding the correlation between phishing susceptibility and neuroticism. With the aim to understand this lack of consensus, this article provides a comprehensive literature review of papers extracted from relevant databases (IEEE Xplore, Scopus, ACM Digital Library, and Web of Science). Our results show that there is not a well-established psychological theory explaining the role of neuroticism in the phishing context. We sustain that non-representative samples and the lack of homogeneity amongst the studies might be the culprits behind this lack of consensus on the role of neuroticism on phishing susceptibility.
Johnson, Chelsea K., Gutzwiller, Robert S., Gervais, Joseph, Ferguson-Walter, Kimberly J..  2021.  Decision-Making Biases and Cyber Attackers. 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW). :140–144.
Cyber security is reliant on the actions of both machine and human and remains a domain of importance and continual evolution. While the study of human behavior has grown, less attention has been paid to the adversarial operator. Cyber environments consist of complex and dynamic situations where decisions are made with incomplete information. In such scenarios people form strategies based on simplified models of the world and are often efficient and effective, yet may result in judgement or decision-making bias. In this paper, we examine an initial list of biases affecting adversarial cyber actors. We use subject matter experts to derive examples and demonstrate these biases likely exist, and play a role in how attackers operate.
Rodrigues, André Filipe, Monteiro, Bruno Miguel, Pedrosa, Isabel.  2021.  Cybersecurity risks : A behavioural approach through the influence of media and information literacy. 2021 16th Iberian Conference on Information Systems and Technologies (CISTI). :1–6.
The growing use of digital media has been accompanied by an increase of the risks associated with the use of information systems, notably cybersecurity risks. In turn, the increasing use of information systems has an impact on users' media and information literacy. This research aims to address the relationship between media and information literacy, and the adoption of risky cybersecurity behaviours. This approach will be carried out through the definition of a conceptual framework supported by a literature review, and a quantitative research of the relationships mentioned earlier considering a sample composed by students of a Higher Education Institution.
Rohan, Rohani, Funilkul, Suree, Pal, Debajyoti, Chutimaskul, Wichian.  2021.  Understanding of Human Factors in Cybersecurity: A Systematic Literature Review. 2021 International Conference on Computational Performance Evaluation (ComPE). :133–140.
Cybersecurity is paramount for all public and private sectors for protecting their information systems, data, and digital assets from cyber-attacks; thus, relying on technology-based protections alone will not achieve this goal. This work examines the role of human factors in cybersecurity by looking at the top-tier conference on Human Factors in Cybersecurity over the past 6 years. A total of 24 articles were selected for the final analysis. Findings show that most of the authors used a quantitative method, where survey was the most used tool for collecting the data, and less attention has been paid to the theoretical research. Besides, three types of users were identified: university-level users, organizational-level users, and unspecified users. Culture is another less investigated aspect, and the samples were biased towards the western community. Moreover, 17 human factors are identified; human awareness, privacy perception, trust perception, behavior, and capability are the top five among them. Also, new insights and recommendations are presented.
Michaelides, N. V..  2021.  Examining attitudes towards cybersecurity compliance through the lens of the psychological contract. Competitive Advantage in the Digital Economy (CADE 2021). 2021:99–104.
This research proposal defines the aim to explore the perceptions and experiences of employees through a global pandemic. In an exploratory qualitative study, utilising thematic analysis, the intention is to take an interpretivist position to examine participants' accounts of working from home during a pandemic, by looking through the psychological contract (Rousseau, 1996a) lens to better understand this phenomenon. This research serves to offer a potential line of enquiry when it comes to the human factors of cyber and information security behaviour and any themes which may overlap with psychological contract breaches (PCB). Previous research has suggested that the psychological contract can impact on employee commitment towards their organisations (Jabeen, Behery and Hossam, 2015), and employees' attitudes towards cyber security affect the frequency in engaging in risky online behaviours, (Hadlington, 2018), this study aims to draw out any themes around these areas through semi-structured interviews with employees in a global law firm.
Al-Alawi, Adel Ismail, Alsaad, Abdulla Jalal, AlAlawi, Ebtesam Ismaeel, Naser Al-Hadad, Ahmed Abdulla.  2021.  The Analysis of Human Attitude toward Cybersecurity Information Sharing. 2021 International Conference on Decision Aid Sciences and Application (DASA). :947–956.
Over the years, human errors have been identified as one of the most critical factors impacting cybersecurity in an organization that has had a substantial impact. The research uses recent articles published on human resources and information cybersecurity. This research focuses on the vulnerabilities and the best solution to mitigate these threats based on literature review methodology. The study also focuses on identifying the human attitude and behavior towards cybersecurity and how that would impact the organization's financial impact. With the help of the Two-factor Taxonomy of the security behavior model developed in past research, the research aims to identify the best practices and compare the best practices with that of the attitude-behavior found and matched to the model. Finally, the study would compare the difference between best practices and the current practices from the model. This would help provide the organization with specific recommendations that would help change their attitude and behavior towards cybersecurity and ensure the organization is not fearful of the cyber threat of human error threat.