Botching Human Factors in Cybersecurity in Business Organizations

[1] A Eurocontrol FAA Action Plan 15 White Paper. (2015 December). A human performance standard or excellence.Search in Google Scholar

[2] Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50, 179-211.10.1016/0749-5978(91)90020-TSearch in Google Scholar

[3] Alavi, R., Islam, S., &Mouratidis, H. (2016). An information security risk-driven investment model for analysing human factors. Information &Computer Security, 24(2), 205-227.10.1108/ICS-01-2016-0006Search in Google Scholar

[4] Albrechtsen, E. &Hovden, J. (2010). Improving information security awareness and behavior through dialogue, participation and collective reflection. An intervention study. Computers &Security, 29, 432-445.10.1016/j.cose.2009.12.005Search in Google Scholar

[5] Alfawaz, S., Nelson, K. &Mohannak, K. (2010). Information security culture: A behavior compliance conceptual framework. Eighth Australasian Information Security Conference, Brisbane, Australia.Search in Google Scholar

[6] Aoyama, T., Naruoka, H., Koshijima, I., &Watanabe, K. (2015). How management goes wrong?–The human factor lessons learned from a cyber incident handling exercise. Procedia Manufacturing, 3, 1082-1087.10.1016/j.promfg.2015.07.178Search in Google Scholar

[7] Benvenuti, S. (2011). Making a case for Change Management Theory to support IS/IT curriculum innovation. Issues in Informing Science and Information Technology, 8(unknown), 093-109.10.28945/1407Search in Google Scholar

[8] Blair, T. (2017). Investigating the cybersecurity skills gap (Order No. 10623377). Available from ProQuest Dissertations &Theses Global. (1989786177). Retrieved from http://search.proquest.com.ezproxy.libproxy.db.erau.edu/docview/1989786177?accountid=27203Search in Google Scholar

[9] Bureau, S. (2018). Human-centered cybersecurity: A new approach to securing networks. Research at RIT. Rochester Institute of Technology Research Report, Fall/Winter 2017-2018.Search in Google Scholar

[10]Burkhead, R. L. (2014). A phenomenological study of information security incidents experienced by information security professionals providing corporate information security incident management (Order No. 3682325). Available from ProQuest Dissertations &Theses Global. (1657429053). Retrieved from https://search-proquest-com.contentproxy.phoenix.edu/docview/1657429053?accountid=35812Search in Google Scholar

[11]Clark, A. (2013). Whatever next? Predictive brains, situated agents, and the future of cognitive science. Behavioral and brain sciences, 36(3), 181-204.10.1017/S0140525X12000477Search in Google Scholar

[12]Clegg, S., &Bailey, J. R. (Eds.). (2007). International Encyclopedia of Organization Studies. Sage Publications.10.4135/9781412956246Search in Google Scholar

[13]Cobb, S. (2016). Mind this Gap: Criminal hacking and the global cybersecurity skills shortage, a critical analysis.Search in Google Scholar

[14]Coffey, J. W. (2017). Ameliorating sources of human error in cybersecurity: technological and human-centered approaches. In The 8th International Multi-Conference on Complexity, Informatics, and Cybernetics, Pensacola (pp. 85-88).Search in Google Scholar

[15]Department of Defense (DoD) Cybersecurity Cultural Compliance Initiative (DC3I). (2015, September).Search in Google Scholar

[16]Dhillon, G. (2001). Violation of safeguards by trusted personnel and understanding related information security concerns. Computers &Security, 20(2), 165-172.10.1016/S0167-4048(01)00209-7Search in Google Scholar

[17]Dykstra, J. (2017). Cyber Issues Related to Social and Behavioral Sciences for National Security.Search in Google Scholar

[18]Evans, M., Maglaras, L. A., He, Y., &Janicke, H. (2016). Human behavior as an aspect of cybersecurity assurance. Security and Communication Networks, 9(17), 4667-4679.10.1002/sec.1657Search in Google Scholar

[19]ForcePoint Security Labs. (2018). 2018 Security Predictions. Retrieved February 23, 2018 from https://www.forcepoint.com/sites/default/files/resources/files/report_2018_security_predictions_en.pdfSearch in Google Scholar

[20]Georgalis, J., Samaratunge, R., Kimberley, N., &Lu, Y. (2015). Change process characteristics and resistance to organisational change: The role of employee perceptions of justice. Australian Journal of Management, 40(1), 89-113.10.1177/0312896214526212Search in Google Scholar

[21]Gyunka, B. A., &Christiana, A. O. (2017). Analysis of human factors in cyber security:A case study of anonymous attack on Hbgary. Computing &Information Systems,21(2), 10-18. Retrieved from http://cis.uws.ac.uk/Search in Google Scholar

[22]Hadlington, L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), e00346.10.1016/j.heliyon.2017.e00346Search in Google Scholar

[23]Klimoski, R. (2016). Critical success factors for cybersecurity leaders: Not just technical competence. People and Strategy, 39(1), 14.Search in Google Scholar

[24]Kraemer, S. &Carayon, P. (2007). Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists. Applied Ergonomics, 38(2007), 143-154.10.1016/j.apergo.2006.03.010Search in Google Scholar

[25]Kraemer, S., Carayon, P. &Clem, J. (2009). Human and organizational factors in computer and information security: Pathways to vulnerabilities. Computers &Security, 28, 509-520.10.1016/j.cose.2009.04.006Search in Google Scholar

[26]Lawton, R. (1998). Not working to rule: Understanding procedural violations at work. Safety Science, 28(2), 77-95.10.1016/S0925-7535(97)00073-8Search in Google Scholar

[27]Lee, Y. H., Park, J., &Jang, T. I. (2011). The human factors approaches to reduce human errors in nuclear power plants. In Nuclear Power-Control, Reliability and Human Factors. InTech.10.5772/17191Search in Google Scholar

[28]Maglaras, L., He, Y., Janicke, H., &Evans, M. (2016). Human Behaviour as an aspect of Cyber Security Assurance.Search in Google Scholar

[29]Mancuso, V. F., Strang, A. J., Funke, G. J., &Finomore, V. S. (2014, September). Human factors of cyber attacks: a framework for human-centered research. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting(Vol. 58, No. 1, pp. 437-441). Sage CA: Los Angeles, CA: SAGE Publications.10.1177/1541931214581091Search in Google Scholar

[30]Marble, J. L., Lawless, W. F., Mittu, R., Coyne, J., Abramson, M., &Sibley, C. (2015). The human factor in cybersecurity: Robust &intelligent defense. In Cyber Warfare (pp. 173-206). Springer International Publishing.10.1007/978-3-319-14039-1_9Search in Google Scholar

[31]Masters, G. (2017 June 09). Crying wolf: Combatting cybersecurity alert fatigue. SC Media. Retrieved from https://www.scmagazine.com/crying-wolf-combattingcybersecurity-alert-fatigue/article/667677/Search in Google Scholar

[32]McClain, J., Silva, A., Emmanuel, G., Anderson, B., Nauer, K., Abbott, R., &Forsythe, C. (2015). Human performance factors in cyber security forensic analysis. Procedia Manufacturing, 3, 5301-5307.10.1016/j.promfg.2015.07.621Search in Google Scholar

[33]Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., &Giannakopoulos, G.Search in Google Scholar

[34](2014). The human factor of information security: Unintentional damage perspective. Procedia-Social and Behavioral Sciences, 147, 424-428.10.1016/j.sbspro.2014.07.133Search in Google Scholar

[35] Morgan, S. (2016, May 13). Top 5 industries at risk of cyber-attacks. Forbes.com. Retrieved on February 17, 2018, from https://www.forbes.com/sites/stevemorgan/2016/05/13/list-of-the-5-most-cyber-attacked-industries/#1edfc762715eSearch in Google Scholar

[36]National Security Agency (2015). Science of Security (SoS) Initiative Annual Report 2015. Retrieved from http://cps-vo.org/sos/annualreport2015Search in Google Scholar

[37]National Science and Technology Council. (2016 February). Networking and Information Technology Research and Development Program. Ensuring Prosperity and National Security. Retrieved on March 3, 2018, https://www.nitrd.gov/cybersecurity/publications/2016_Federal_Cybersecurity_Research_and_Development_Strategic_Plan.pdfSearch in Google Scholar

[38]Neely, L. (2017). 2017 Threat Landscape Survey: Users on the front line. Sans Institute. Retrieved on February 17, 2018, from https://www.sans.org/reading-room/whitepapers/threats/2017-threat-landscape-survey-users-front-line-37910Search in Google Scholar

[39]Nobles, C. (2015). Exploring pilots’ experiences of integrating technologically advanced aircraft within general aviation: A case study (Order No. 3682948). Available from ProQuest Central; ProQuest Dissertations &Theses Global. (1658234326). Retrieved from http://search.proquest.com.ezproxy.libproxy.db.erau.edu/docview/1658234326?accountid=27203Search in Google Scholar

[40]Paustenbach, D. J. (Ed.). (2015). Human and Ecological Risk Assessment: Theory and Practice (Wiley Classics Library). John Wiley &Sons.Search in Google Scholar

[41]Pfleeger, S. L., &Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers &security, 31(4), 597-611.10.1016/j.cose.2011.12.010Search in Google Scholar

[42]Ponemon Institute. (2017, June). 2017 Cost of Data Breach Study.Search in Google Scholar

[43]Proctor, R. W., &Chen, J. (2015). The role of human factors/ergonomics in the science of security: decision making and action selection in cyberspace. Human factors, 57(5), 721-727.10.1177/0018720815585906Search in Google Scholar

[44]Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., &Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers &Security, 53, 65-78.10.1016/j.cose.2015.05.012Search in Google Scholar

[45]Sawyer, B. D., &Hancock, P. A. (2018). Hacking the Human: The Prevalence Paradox in Cybersecurity. Human factors, 60(5), 597-609.10.1177/0018720818780472Search in Google Scholar

[46]Schultz, E. (2005). The human factor in security. Computers &Security, 24, 425-426.10.1016/j.cose.2005.07.002Search in Google Scholar

[47]Soltanmohammadi, S., Asadi, S., &Ithnin, N. (2013). Main human factors affecting information system security. Interdisciplinary Journal of Contemporary Research in Business, 5(7), 329-354.Search in Google Scholar

[48]Stanton, B., Theofanos, M. F., Prettyman, S. S., &Furman, S. (2016). Security Fatigue. IT Professional, 18(5), 26-32.10.1109/MITP.2016.84Search in Google Scholar

[49]Van-Zadelhoff, Marc (2016, September). The Biggest Cybersecurity Threats Are Inside Your Company. Harvard Business Review.Search in Google Scholar

[50]Verizon 2017 Data Breach Investigations Report 10^th Edition. (2017). Retrieved on February 18, 2018, from http://www.verizonenterprise.com/verizon-insights-lab/dbir/ 2017Search in Google Scholar

[51]Vieane, A., Funke, G., Gutzwiller, R., Mancuso, V., Sawyer, B., &Wickens, C. (2016, September). Addressing Human Factors Gaps in Cyber Defense. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting (Vol. 60, No. 1, pp. 770-773). Sage CA: Los Angeles, CA: SAGE Publications.10.1177/1541931213601176Search in Google Scholar

[52]Young, W. &Leveson, N. (2013). Systems thinking for safety and security. Proceedings of the 29th Annual Computer Security Applications Conference. New Orleans, Lousiana, USA.10.1145/2523649.2530277Search in Google Scholar