DOI: 10.1145/3468784.3468789
research-article

Human Factors in Cybersecurity: A Scoping Review

Published: 20 July 2021

ABSTRACT

Humans are often considered to be the weakest link in the cybersecurity chain. Traditionally, however, Computer Science (CS) researchers have investigated the technical aspects of cybersecurity, focusing on encryption and network security mechanisms. The human aspect, although very important, is often neglected. In this work, we carry out a scoping review to investigate the CS community's take on the human-centric cybersecurity paradigm by considering the top conferences on network and computer security for the past six years. Results show that, broadly, two types of users are considered: expert and non-expert users. Qualitative techniques dominate the research methodology employed; however, there is a lack of focus on the theoretical aspects. Moreover, the samples have a heavy bias towards the Western community, so the results cannot be generalized, and the effect of culture on cybersecurity is a lesser-known aspect. Another issue is the unavailability of standardized security-specific scales that can measure users' perception of cybersecurity. New insights are obtained and avenues for future research are presented.

Published in

IAIT '21: Proceedings of the 12th International Conference on Advances in Information Technology
June 2021
281 pages
ISBN: 9781450390125
DOI: 10.1145/3468784

Copyright © 2021 ACM

Publisher: Association for Computing Machinery, New York, NY, United States


Qualifiers: research-article, Research, Refereed limited

Acceptance Rates

Overall Acceptance Rate: 20 of 47 submissions, 43%
