Security-Aware Organisational Cultures as a Starting Point in Mitigating Socio-Technical Risks
Author
Abstract
This extended abstract briefly introduces Hofstede’s three-level model of human mental programming, which captures the unique mental constitution of a person. These levels divide the vague “human factor” into more approachable categories. In the following sections, each category is addressed and presented separately, according to the research found and with regard to security-aware behaviour. By including universal human behaviour, characteristics of organisational and national cultures, as well as (occupational) grouping of personality traits of employees, we might be able to identify emerging social threats. Furthermore, assessing social risks could help to develop guidelines for cultural change towards a more security-aware organisational culture. As the influence of an organisation on external factors (other than their own organisational culture) tends to be minimal, developing, allowing, and applying cultural changes can be a promising approach in mitigating socio-technical risks.
Similar resources
Patterns of Information Security Postures for Socio-Technical Systems and Systems-of-Systems
This paper describes a proposal to develop patterns of security postures for computer based socio-technical systems and systems-of-systems. Such systems typically span many organisational boundaries, integrating multiple computer systems, infrastructures and organisational processes. The paper describes the motivation for the proposed work, and our approach to the development, specification, in...
Assessing ICT Security Risks in Socio-Technical Systems (Dagstuhl Seminar 16461)
This report documents the program and the outcomes of Dagstuhl Seminar 16461 “Assessing ICT Security Risks in Socio-Technical Systems”. As we progress from classic mechanical or electrical production systems, over ICT systems, to socio-technical systems, risk assessment becomes increasingly complex and difficult. Risk assessment for traditional engineering systems assumes the systems to be dete...
Socio-Technical Security Analysis of Industrial Control Systems (ICS)
Focusing on technical security can lead to shortfalls in the understanding of social and organisational security challenges. This paper proposes a method for analysing social, technical, and organisational security challenges, in regard to industrial control systems (ICS). This method is applied to a target organisation dependent on ICS, to validate the approach and gain initial insight into th...
Modelling and reasoning about security requirements in socio-technical systems
Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may disclose confidential information without being authorised, wreck the integrity of private data, rely on...
Combining Failure Mode and Functional Resonance Analyses in Healthcare Settings
Socio-technical systems rely on technological artefacts as well as human and professional practices in order to achieve organisational safety. From an organisational viewpoint of analysis, different safety barriers are often put in place in order to mitigate risks. The complexity of such systems poses challenges to safety assessment approaches that rely on simple, identifiable cause and effect ...