Human Behaviour as an aspect of Cyber Security Assurance
This is an incremental review for cyber security practitioners, highlighting the need for better human-focused methods to enhance security assurance.
The article identifies gaps in cyber security assurance by reviewing literature on human factors, proposing that the field should adopt practices like human reliability assessment and statistical quality control to improve assurance.
There continue to be numerous breaches publicised pertaining to cyber security despite security practices being applied within industry for many years. This article is intended to be the first in a number of articles as research into cyber security assurance processes. This article is compiled based on current research related to cyber security assurance and the impact of the human element on it. The objective of this work is to identify elements of cyber security that would benefit from further research and development based on the literature review findings. The results outlined in this article present a need for the cyber security field to look in to established industry areas to benefit from effective practices such as human reliability assessment, along with improved methods of validation such as statistical quality control in order to obtain true assurance. The article proposes the development of a framework that will be based upon defined and repeatable quantification, specifically relating to the range of human aspect tasks that provide, or are intended not to negatively affect cyber security posture.