Centro Ricerche Socio-Psicologiche e Criminologico Forensi | THEMIS

Building Organizational Risk Culture in Cyber Security: The Role ho Human Factors

Corradini I., Nardelli E. (2018)

Abstract: Many information security specialists stress the importance of human beings in cyber security prevention strategies since they are often considered the "weakest link in the chain of security". In fact, international security reports analyzing cyber-attacks confirm that the main problem is represented by people’s actions, i.e. opening phishing mail and unchecked attached files, giving sensitive information though social engineering attacks. In our vision we consider employees, if well-trained, the first defense line in the organization. But planning an educational path in cyber security needs a process including a preliminary people’s risks perception analysis, in order to develop a tailor-made training program.
In this paper we describe the result of a two-stage survey in a sample of 815 employers regarding risk perception in a multinational company (C) operating in the financial sector. The results highlight the fundamental need of a strong organization’s risk culture to manage cyber security in an efficient way.

 
 

 

How to cite this article:

Corradini, I., Nardelli, E. (2018). Building Organizational Risk Culture in Cyber Security: The Role of Human Factors. In AHFE 2018 International Conference on Applied Human Factors and Ergonomics. Springer, Cham [10.1007/978-3-319-94782-2_19].

logo themis footer

Themis - Centro Ricerche Socio-Psicologiche e Criminologico Forensi