Electronic Resource

Learning from safety science: A way forward for studying cybersecurity incidents in organizations

Bibliographic details
Title: Learning from safety science: A way forward for studying cybersecurity incidents in organizations
Authors: Ebert, Nico; https://orcid.org/0000-0002-9683-4792, Schaltegger, Thierry; https://orcid.org/0000-0002-6125-9169, Ambuehl, Benjamin, Schöni, Lorin, Zimmermann, Verena, Knieps, Melanie
Source: Ebert, Nico; Schaltegger, Thierry; Ambuehl, Benjamin; Schöni, Lorin; Zimmermann, Verena; Knieps, Melanie (2023). Learning from safety science: A way forward for studying cybersecurity incidents in organizations. Computers and Security, 134:103435.
Publication details: Elsevier 2023-11-01
Document type: Electronic Resource
Abstract: In the aftermath of cybersecurity incidents within organizations, explanations of their causes often revolve around isolated technical or human events such as an Advanced Persistent Threat or a “bad click by an employee.” These explanations serve to identify the responsible parties and inform efforts to improve security measures. However, safety science researchers have long been aware that explaining incidents in socio-technical systems and determining the role of humans and technology in incidents is not an objective procedure but rather an act of social constructivism: what you look for is what you find, and what you find is what you fix. For example, the search for a technical “root cause” of an incident might likely result in a technical fix, while from a sociological perspective, cultural issues might be blamed for the same incident and subsequently lead to the improvement of the security culture. Starting from the insights of safety science, this paper aims to extract lessons on what general explanations for cybersecurity incidents can be identified and what methods can be used to study causes of cybersecurity incidents in organizations. We provide a framework that allows researchers and practitioners to proactively select models and methods for the investigation of cybersecurity incidents.
Index terms: Institute of Political Science, Digital Society Initiative, 320 Political science, Cybersecurity, Incident, Safety science, Human error, Journal Article, PeerReviewed, info:eu-repo/semantics/article, info:eu-repo/semantics/publishedVersion
URL: https://www.zora.uzh.ch/id/eprint/236010/
https://www.zora.uzh.ch/id/eprint/236010
10.1016/j.cose.2023.103435
Availability: Open access content.
info:eu-repo/semantics/openAccess
Creative Commons: Attribution 4.0 International (CC BY 4.0)
http://creativecommons.org/licenses/by/4.0
Note: application/pdf
info:doi/10.5167/uzh-236010
English
Other Numbers: CHUZH oai:www.zora.uzh.ch:236010
https://www.zora.uzh.ch/id/eprint/236010/1/1_s2.0_S0167404823003450_main.pdf
info:doi/10.1016/j.cose.2023.103435
urn:issn:0167-4048
1443053246
Contributing source: HAUPTBIBLIOTHEK UNIV OF ZURICH
From OAIster®, provided by the OCLC Cooperative.
Accession number: edsoai.on1443053246
Database: OAIster