The focus on cyber security as an interaction between technical elements and humans has typically confined consideration of the latter to practical issues of implementation, conventionally those of `human performance factors' of vigilance etc., `raising awareness' and/or `incentivisation' of people and organisations to participate and adapt their behaviour. But this is far too narrow a view that seriously constrains the ability of cyber security as a whole to adapt and evolve to keep up with adaptive, innovative attackers in a rapidly-changing technological, business and social landscape, in which personal preferences of users are also dynamically evolving. While there is isolated research across different research areas, we noticed the lack of a holistic framework combining a range of applicable theoretical concepts (e.g., cultural co-evolution such as technological arms races, opportunity management, behavioural and business models) and technological solutions on reducing human-related risks in the cyber security and cybercrime ecosystems, which involve multiple groups of human actors including offenders, victims, preventers and promoters. In this presentation our ongoing work is reported in developing such a socio-technical framework 1) to allow a more comprehensive understanding of human-related risks within cyber security and cybercrime ecosystems and 2) to support the design of more effective approaches to engaging individuals and organizations in the reduction of such risks. We are in the process of instantiating this framework to encourage behavioural changes in two use cases that capture diverse and complicated socio-technical interactions in cyber-physical systems.
Tasmina Islam is a research associate with the School of Computing, University of Kent. She is working on an EPSRC funded interdisciplinary project "ACCEPT: Addressing Cybersecurity and Cybercrime via a co-Evolutionary aPproach to reducing human-relaTed risks". Before joining the School of Computing, she achieved her PhD in 'Biometrics Security' specially focusing on behavioural biometrics from the School of Engineering and Digital Arts at the same institution. Her research interests include human aspects of cybersecurity, digital forensics, biometrics, pattern recognition and image processing.
Cornwallis South West,
University of Kent,
DetailsOpen to everyone, especially those interested in cyber security research,
Contact: Jason R.C. Nurse