Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Developing social metrics for security: modeling the security culture of it workers individuals (Case study)
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2012 (English)In: Proceedings of the 5th International Conference on Communications, Computers and Applications (MIC-CCA2012), Institute of Electrical and Electronics Engineers (IEEE), 2012, p. 112-118Conference paper, Published paper (Refereed)
Abstract [en]

In this short paper we present and discuss the findings of a case study aimed at developing social security metrics for modeling the security culture of certain individuals. Using these metrics we have modeled the security culture of IT workers individuals from Saudi Arabia. We suggest these metrics can be used for modeling and comparing different security cultures to develop a global security culture required for effective global response to cyber security issues. We start by reviewing the latest research on the social aspects of information security. Then we highlight the history of the under-development social security metrics. Afterward we discuss the setup of the case study and the methodology used. Finally, we discuss the experiment results and suggested further research work.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2012. p. 112-118
Series
Mosharaka conference paper, E-ISSN 2227-331X
Keywords [en]
Social Security Metrics, Security Mental Models, Security Culture, Risk Management, Security Controls
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-100726ISBN: 978-1-4673-5230-7 (print)ISBN: 978-1-938302-07-7 (electronic)OAI: oai:DiVA.org:su-100726DiVA, id: diva2:695734
Conference
The 5th International Conference on Communications, Computers and Applications (MIC-CCA2012), Istanbul, Turkey, 12-14 October, 2012
Available from: 2014-02-12 Created: 2014-02-12 Last updated: 2019-04-17Bibliographically approved
In thesis
1. Cybersecurity Incident Response: A Socio-Technical Approach
Open this publication in new window or tab >>Cybersecurity Incident Response: A Socio-Technical Approach
2019 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This thesis examines the cybersecurity incident response problem using a socio-technical approach. The motivation of this work is the need to bridge the knowledge and practise gap that exists because of the increasing complexity of cybersecurity threats and our limited capability of applying cybersecurity controls necessary to adequately respond to these threats. Throughout this thesis, knowledge from Systems Theory, Soft Systems Methodology and Socio-Technical Systems is applied to examine and document the socio-technical properties of cybersecurity incident response process. The holistic modelling of cybersecurity incident response process developed concepts and methods tested to improve the socio-technical security controls and minimise the existing gap in security controls.

The scientific enquiry of this thesis is based on pragmatism as the underpinning research philosophy.  The thesis uses a design science research approach and embeds multiple research methods to develop five artefacts (concept, model, method, framework and instantiation) outlined in nine peer-reviewed publications. The instantiated artefact embraces the knowledge developed during this research to provide a prototype for a socio-technical security information and event management system (ST-SIEM) integrated with an open source SIEM tool. The artefact relevance was validated through a panel of cybersecurity experts using a Delphi method. The Delphi method indicated the artefact can improve the efficacy of handling cybersecurity incidents.

Place, publisher, year, edition, pages
Stockholm: Department of Computer and Systems Sciences, Stockholm University, 2019. p. 133
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 19-007
Keywords
cybersecurity incident response, SIEM, cybersecurity warning systems, socio-technical approach, organisation security culture
National Category
Computer Systems Information Systems, Social aspects
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-167873 (URN)978-91-7797-715-5 (ISBN)978-91-7797-716-2 (ISBN)
Public defence
2019-06-07, L30, NOD-huset, Borgarfjordsgatan 12, Kista, 10:00 (English)
Opponent
Supervisors
Available from: 2019-05-15 Created: 2019-04-10 Last updated: 2019-05-15Bibliographically approved

Open Access in DiVA

No full text in DiVA

Search in DiVA

By author/editor
Al Sabbagh, Bilal
By organisation
Department of Computer and Systems Sciences
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 227 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf