"I was pleased to see that the new journal is aimed at managers in the field to better understand the benefits of supply chain management thinking. The journal is focused on delivering these developing best practices to practicing managers. There is a vast gulf between academic’s theory and managerial practice [and] your journal should be a timely addition."
Human aspects of cyber security: Behaviour or culture change
Click the button below to download the full text of the article.
Abstract: For security professionals, addressing the role of the human in cyber security is becoming ever more important as systems are technically increasingly secure and threat actors shift their focus towards exploiting human vulnerabilities. This paper looks at three ways that the role of humans in cyber security has been addressed and suggests integrating culture, behaviour and the design of security tools and policies to properly define the role of the human in protecting cyber security.
Keywords: cyber security; behaviour change; organisational culture; human vulnerabilities
Adam Joinson holds the post of Professor of Information Systems at the University of Bath, School of Management. His research focuses on the interaction between psychology and technology, with a particular focus on how technology can shape behaviour, social relations and attitudes. Recently this work has covered privacy attitudes and behaviours, the social impact of monitoring technology, computer-mediated communication and the human aspects of cyber security and security compliance. The EPSRC, ESRC, EU, British Academy and UK Government have funded this work. He has published over 80 articles in the field, as well as editing the Oxford Handbook of Internet Psychology (OUP, 2007) and authoring two books on psychology and technology. He is principal investigator for the Cyber-Security Across the LifeSpan project (www.cSALSA.uk) and co-investigator for the Centre for Research and Evidence on Security Threats (www.crestresearch.ac.uk).
Tommy Van Steen is a postdoctoral research associate at the University of Bath, School of Management. His research focuses on advancing behaviour change knowledge and applying behaviour change theories to a variety of themes and behaviours. Currently, this involves applying behaviour change theories to address cyber security questions. These questions include the role of end users, management, and organisational structures that can hinder or support the occurrence of meaningful and lasting behaviour change. His work is funded by the UK Government.