Please use this identifier to cite or link to this item:
https://doi.org/10.21256/zhaw-29181
Publication type: | Article in scientific journal |
Type of review: | Peer review (publication) |
Title: | Learning from safety science : a way forward for studying cybersecurity incidents in organizations |
Authors: | Ebert, Nico Schaltegger, Thierry Ambühl, Benjamin Schöni, Lorin Zimmermann, Verena Knieps, Melanie |
et. al: | No |
DOI: | 10.1016/j.cose.2023.103435 10.21256/zhaw-29181 |
Published in: | Computers & Security |
Volume(Issue): | 134 |
Issue: | 103435 |
Issue Date: | 2023 |
Publisher / Ed. Institution: | Elsevier |
ISSN: | 0167-4048 1872-6208 |
Language: | English |
Subjects: | Cybersecurity; Human error; Incident; Safety science |
Subject (DDC): | 363: Environmental and security problems |
Abstract: | In the aftermath of cybersecurity incidents within organizations, explanations of their causes often revolve around isolated technical or human events such as an Advanced Persistent Threat or a “bad click by an employee.” These explanations serve to identify the responsible parties and inform efforts to improve security measures. However, safety science researchers have long been aware that explaining incidents in socio-technical systems and determining the role of humans and technology in incidents is not an objective procedure but rather an act of social constructivism: what you look for is what you find, and what you find is what you fix. For example, the search for a technical “root cause” of an incident might likely result in a technical fix, while from a sociological perspective, cultural issues might be blamed for the same incident and subsequently lead to the improvement of the security culture. Starting from the insights of safety science, this paper aims to extract lessons on what general explanations for cybersecurity incidents can be identified and what methods can be used to study causes of cybersecurity incidents in organizations. We provide a framework that allows researchers and practitioners to proactively select models and methods for the investigation of cybersecurity incidents. |
URI: | https://digitalcollection.zhaw.ch/handle/11475/29181 |
Fulltext version: | Published version |
License (according to publishing contract): | CC BY 4.0: Attribution 4.0 International |
Departement: | School of Management and Law |
Organisational Unit: | Institute of Business Information Technology (IWI) |
Appears in collections: | Publikationen School of Management and Law |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
2023_Ebert-etal_Learning-from-safety-science.pdf | 2.59 MB | Adobe PDF | View/Open |
Show full item record
Ebert, N., Schaltegger, T., Ambühl, B., Schöni, L., Zimmermann, V., & Knieps, M. (2023). Learning from safety science : a way forward for studying cybersecurity incidents in organizations. Computers & Security, 134(103435). https://doi.org/10.1016/j.cose.2023.103435
Ebert, N. et al. (2023) ‘Learning from safety science : a way forward for studying cybersecurity incidents in organizations’, Computers & Security, 134(103435). Available at: https://doi.org/10.1016/j.cose.2023.103435.
N. Ebert, T. Schaltegger, B. Ambühl, L. Schöni, V. Zimmermann, and M. Knieps, “Learning from safety science : a way forward for studying cybersecurity incidents in organizations,” Computers & Security, vol. 134, no. 103435, 2023, doi: 10.1016/j.cose.2023.103435.
EBERT, Nico, Thierry SCHALTEGGER, Benjamin AMBÜHL, Lorin SCHÖNI, Verena ZIMMERMANN und Melanie KNIEPS, 2023. Learning from safety science : a way forward for studying cybersecurity incidents in organizations. Computers & Security. 2023. Bd. 134, Nr. 103435. DOI 10.1016/j.cose.2023.103435
Ebert, Nico, Thierry Schaltegger, Benjamin Ambühl, Lorin Schöni, Verena Zimmermann, and Melanie Knieps. 2023. “Learning from Safety Science : A Way Forward for Studying Cybersecurity Incidents in Organizations.” Computers & Security 134 (103435). https://doi.org/10.1016/j.cose.2023.103435.
Ebert, Nico, et al. “Learning from Safety Science : A Way Forward for Studying Cybersecurity Incidents in Organizations.” Computers & Security, vol. 134, no. 103435, 2023, https://doi.org/10.1016/j.cose.2023.103435.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.