Cybersecurity insights gleaned from world religions
Renaud, Karen and Dupuis, Marc (2023) Cybersecurity insights gleaned from world religions. Computers and Security, 132. 103326. ISSN 0167-4048 (https://doi.org/10.1016/j.cose.2023.103326)
Preview |
Text.
Filename: Renaud_Dupuis_CS_2023_Cybersecurity_insights_gleaned_from_world_religions.pdf
Final Published Version License: Download (2MB)| Preview |
Abstract
Organisations craft and disseminate security policies, encoding the actions they want employees to take to preserve and protect organisational information resources. They engage in regular cybersecurity awareness and training drives to ensure that employees know what to do, and how to do it. Despite these efforts, employees make mistakes or do not comply with policy dictates, triggering cybersecurity incidents. The reality is that whereas cyber professionals propose, human nature disposes. In addressing this kind of conundrum, researchers suggest that it could be beneficial to learn from the established practices of other domains that also grapple with erratic human behaviours. This seems reasonable, given that cybersecurity is a relatively young field, and not yet particularly successful in accommodating human nature and fallibility, whereas other fields have years of experience coping with these kinds of problems. Here, we consider learning from religions, which have been around for millennia. The one aspect that all understand is human nature, and the tendency of humans to make mistakes and behave ill-advisedly, sometimes despite knowing better. Religions have developed a number of practices to accommodate human frailties, and to care for their adherents. This might well be a fruitful domain for cybersecurity professionals to learn from, in terms of harnessing effective mechanisms to encourage secure behaviours. To this end, we explored the literature on religions, and interviewed a number of religious leaders to produce a `vision for cybersecurity'. The vision was evaluated by cybersecurity professionals, its target audience. We provide our vision here, in the hope that it will launch a debate into a more equitable new era of `best practice' in the cybersecurity domain.
ORCID iDs
Renaud, Karen ORCID: https://orcid.org/0000-0002-7187-6531 and Dupuis, Marc;-
-
Item type: Article ID code: 85704 Dates: DateEvent30 September 2023Published29 June 2023Published Online6 June 2023AcceptedSubjects: Science > Mathematics > Electronic computers. Computer science > Other topics, A-Z Department: Faculty of Science > Computer and Information Sciences Depositing user: Pure Administrator Date deposited: 07 Jun 2023 10:10 Last modified: 26 Nov 2024 01:19 Related URLs: URI: https://strathprints.strath.ac.uk/id/eprint/85704