Abstract

Holistic assessment of cyber security risks is a complex multi-component and multi-level problem involving hardware, software, environmental, and human factors. As part of an on-going effort to develop a holistic, predictive cyber security risk assessment model, the characterization of human factors, which includes human behavior, is needed to understand how the actions of users, defenders, and attackers affect cyber security risk. The work group developing this new cyber security risk assessment model and framework has chosen to distinguish between trust and confidence by using “trust” only for human factors, and “confidence” for all non-human factors (e.g. hardware and software) in order to reduce confusion between the two concepts within our model. We have developed an initial framework for how to incorporate trust as a factor/parameter within a larger characterization of the human influences (users, defenders and attackers) on cyber security risk. Trust in the human factors is composed of two main categories: inherent characteristics, that which is a part of the individual, and situational characteristics, that which is outside of the individual. The use of trust as a human factor in holistic cyber security risk assessment will also rely on understanding how differing mental models and risk postures impact the level trust given to an individual and the biases affecting the ability to give said trust.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.