In this chapter we discuss the way in which businesses currently address existing cybersecurity risks. Specifically, we distinguish between the Canvas approach (“patching with frameworks and architectures”), the Technology-driven approach (“patching with technology”) and the Human-centered approach (“patching with people”). We discuss the pros and cons of each approach and analyze their related tools and methods.