Please use this identifier to cite or link to this item:
https://doi.org/10.21256/zhaw-29181Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Ebert, Nico | - |
| dc.contributor.author | Schaltegger, Thierry | - |
| dc.contributor.author | Ambühl, Benjamin | - |
| dc.contributor.author | Schöni, Lorin | - |
| dc.contributor.author | Zimmermann, Verena | - |
| dc.contributor.author | Knieps, Melanie | - |
| dc.date.accessioned | 2023-11-24T13:46:58Z | - |
| dc.date.available | 2023-11-24T13:46:58Z | - |
| dc.date.issued | 2023 | - |
| dc.identifier.issn | 0167-4048 | de_CH |
| dc.identifier.issn | 1872-6208 | de_CH |
| dc.identifier.uri | https://digitalcollection.zhaw.ch/handle/11475/29181 | - |
| dc.description.abstract | In the aftermath of cybersecurity incidents within organizations, explanations of their causes often revolve around isolated technical or human events such as an Advanced Persistent Threat or a “bad click by an employee.” These explanations serve to identify the responsible parties and inform efforts to improve security measures. However, safety science researchers have long been aware that explaining incidents in socio-technical systems and determining the role of humans and technology in incidents is not an objective procedure but rather an act of social constructivism: what you look for is what you find, and what you find is what you fix. For example, the search for a technical “root cause” of an incident might likely result in a technical fix, while from a sociological perspective, cultural issues might be blamed for the same incident and subsequently lead to the improvement of the security culture. Starting from the insights of safety science, this paper aims to extract lessons on what general explanations for cybersecurity incidents can be identified and what methods can be used to study causes of cybersecurity incidents in organizations. We provide a framework that allows researchers and practitioners to proactively select models and methods for the investigation of cybersecurity incidents. | de_CH |
| dc.language.iso | en | de_CH |
| dc.publisher | Elsevier | de_CH |
| dc.relation.ispartof | Computers & Security | de_CH |
| dc.rights | http://creativecommons.org/licenses/by/4.0/ | de_CH |
| dc.subject | Cybersecurity | de_CH |
| dc.subject | Human error | de_CH |
| dc.subject | Incident | de_CH |
| dc.subject | Safety science | de_CH |
| dc.subject.ddc | 363: Umwelt- und Sicherheitsprobleme | de_CH |
| dc.title | Learning from safety science : a way forward for studying cybersecurity incidents in organizations | de_CH |
| dc.type | Beitrag in wissenschaftlicher Zeitschrift | de_CH |
| dcterms.type | Text | de_CH |
| zhaw.departement | School of Management and Law | de_CH |
| zhaw.organisationalunit | Institut für Wirtschaftsinformatik (IWI) | de_CH |
| dc.identifier.doi | 10.1016/j.cose.2023.103435 | de_CH |
| dc.identifier.doi | 10.21256/zhaw-29181 | - |
| zhaw.funding.eu | No | de_CH |
| zhaw.issue | 103435 | de_CH |
| zhaw.originated.zhaw | Yes | de_CH |
| zhaw.publication.status | publishedVersion | de_CH |
| zhaw.volume | 134 | de_CH |
| zhaw.publication.review | Peer review (Publikation) | de_CH |
| zhaw.author.additional | No | de_CH |
| zhaw.display.portrait | Yes | de_CH |
| Appears in collections: | Publikationen School of Management and Law | |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| 2023_Ebert-etal_Learning-from-safety-science.pdf | 2.59 MB | Adobe PDF |  View/Open |
Show simple item record
Ebert, N., Schaltegger, T., Ambühl, B., Schöni, L., Zimmermann, V., & Knieps, M. (2023). Learning from safety science : a way forward for studying cybersecurity incidents in organizations. Computers & Security, 134(103435). https://doi.org/10.1016/j.cose.2023.103435
Ebert, N. et al. (2023) ‘Learning from safety science : a way forward for studying cybersecurity incidents in organizations’, Computers & Security, 134(103435). Available at: https://doi.org/10.1016/j.cose.2023.103435.
N. Ebert, T. Schaltegger, B. Ambühl, L. Schöni, V. Zimmermann, and M. Knieps, “Learning from safety science : a way forward for studying cybersecurity incidents in organizations,” Computers & Security, vol. 134, no. 103435, 2023, doi: 10.1016/j.cose.2023.103435.
EBERT, Nico, Thierry SCHALTEGGER, Benjamin AMBÜHL, Lorin SCHÖNI, Verena ZIMMERMANN und Melanie KNIEPS, 2023. Learning from safety science : a way forward for studying cybersecurity incidents in organizations. Computers & Security. 2023. Bd. 134, Nr. 103435. DOI 10.1016/j.cose.2023.103435
Ebert, Nico, Thierry Schaltegger, Benjamin Ambühl, Lorin Schöni, Verena Zimmermann, and Melanie Knieps. 2023. “Learning from Safety Science : A Way Forward for Studying Cybersecurity Incidents in Organizations.” Computers & Security 134 (103435). https://doi.org/10.1016/j.cose.2023.103435.
Ebert, Nico, et al. “Learning from Safety Science : A Way Forward for Studying Cybersecurity Incidents in Organizations.” Computers & Security, vol. 134, no. 103435, 2023, https://doi.org/10.1016/j.cose.2023.103435.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.