D-F of cyber security

Renaud, Karen (2022) D-F of cyber security. Network Security, 2022 (3). ISSN 1353-4858 (https://doi.org/10.12968/s1353-4858(22)70024-4)

Accepted Author Manuscript
License: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0


I have gained inspiration from the Human Factors in Diving community to start an "A-Zs of cyber security". D: Debrief. When divers return from a dive, they reflect on: (1) what went right, (2) why did it go right? It is interesting to note that they do not initially focus on what went wrong even though lives can be lost when divers make mistakes. They focus on the positive behaviours that can be highlighted and emphasised for the benefit of others. When organisations experience a Phishing attack, there is often a myopic focus on the employees who fell for the attack. They are usually in the minority, but very few organisations look at the bigger picture: i.e., who saw the Phishing message and spotted it? What can we learn from what they did right so that we can better prepare those who were deceived?