- Browse/Search the Program
Search
Program Calendar
Browse By Day
Browse By Room
- Information Menu
Search Tips
Virtual Exhibit Hall
- Navigation and Settings Menu
Personal Schedule
Sign In
Towards a human-centered cyber resilience
Fri, September 13, 9:30 to 10:45am, Faculty of Law, University of Bucharest, Floor: Ground floor, Room 1.11Abstract
With this theoretical paper we contribute to the perspective of a human-centered cyber resilience by extending Zimmermann and Renaud’s (2019) earlier ‘human-as-solution’ approach to cybersecurity with a next step towards a human-centered cyber resilience. In this step, human actors play a crucial role in an organization’s ‘(…) ability to prepare, absorb, recover, and adapt to adverse effects caused by cyberattacks (…), with the ultimate aim for the organization to continuously deliver the intended functions or services’ (Dupont et al. 2023, pp. 3). Firstly, we will explain the persistence of the classic ‘human-as-problem’ approach by tracing its origins in societal and scientific developments back to the industrial revolution. Secondly, we will supplement the ‘human-as-solution’ approach using literature from related scientific disciplines: (I) safety sciences, (II) positive psychology and (III) positive security.
Emphasis on the human contribution to cyber resilience helps grow a necessary sense of shared responsibility among employees. Of course, it is still important to learn from cyber incidents, what went wrong due to human action, and to discipline employees who deliberately cause damage to the organization. However, cybersecurity needs another, positive approach to human actors as default to reach the needed flexibility and resilience to face the contemporary digital risks of organizations. We advocate learning from what goes right in daily practice when it comes to cybersecurity: why do people make the right choices that prevent incidents from happening or escalate? We will explore our theoretical arguments and conclude by outlining future directions for theoretical and empirical work.