Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Chapter (peer-reviewed) › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Chapter (peer-reviewed) › peer-review
}
TY - CHAP
T1 - Human and Organizational Issues for Resilient Communications
AU - Anderson, Tom
AU - Busby, Jerry
AU - Gouglidis, Antonios
AU - Hough, Karen
AU - Hutchison, David
AU - Rouncefield, Mark
PY - 2020
Y1 - 2020
N2 - Human and organizational issues are able to create both vulnerabilities and resilience to threats. In this chapter, we investigate human and organizational factors, conducted through ethnographic studies of operators and sets of interviews with staff responsible for security, reliability and quality in two different organizations, which own and operate utility networks. Ethnography is a qualitative orientation to research that emphasizes the detailed observation and interview of people in naturally occurring settings. Our findings indicate that 'human error' forms the biggest threat to cyber-security and that there is a need for Security Operational Centres to document all cyber-security accidents. Also, we conclude that it will always be insufficient to assess mental security models in terms of their technical correctness, as it is sometimes more important to know how well they represent prevailing social issues and requirements. As a practical recommendation from this work, we suggest that utility organizations engage in penetration testing and perhaps other forms of vulnerability analysis, not only to discover specific vulnerabilities but also to learn more about the mental models they use.
AB - Human and organizational issues are able to create both vulnerabilities and resilience to threats. In this chapter, we investigate human and organizational factors, conducted through ethnographic studies of operators and sets of interviews with staff responsible for security, reliability and quality in two different organizations, which own and operate utility networks. Ethnography is a qualitative orientation to research that emphasizes the detailed observation and interview of people in naturally occurring settings. Our findings indicate that 'human error' forms the biggest threat to cyber-security and that there is a need for Security Operational Centres to document all cyber-security accidents. Also, we conclude that it will always be insufficient to assess mental security models in terms of their technical correctness, as it is sometimes more important to know how well they represent prevailing social issues and requirements. As a practical recommendation from this work, we suggest that utility organizations engage in penetration testing and perhaps other forms of vulnerability analysis, not only to discover specific vulnerabilities but also to learn more about the mental models they use.
M3 - Chapter (peer-reviewed)
SN - 9783030446840
T3 - Computer Communications and Networks
SP - 791
EP - 807
BT - Guide to Disaster-Resilient Communication Networks
A2 - Rak, Jacek
A2 - Hutchison, David
PB - Springer
CY - Cham
ER -