Department of Information Science
Browsing Department of Information Science by advisor "Bruce, Watson"
- Digital risk management : investigating human-factor security with a behaviourist approach (Stellenbosch : Stellenbosch University, 2022-04) Ruan, Pretorius; Dewald, Blaauw; Bruce, Watson; Stellenbosch University. Faculty of Arts and Social Sciences. Dept. of Information Science.
  ENGLISH SUMMARY: The successful digitisation of modern organisations relies on the cohesion between information technology and the workforce responsible for managing and operating it. Without proper management and operation, even the most sophisticated technologies may become vulnerable when operated by a low-skilled worker. Numerous studies acknowledge human vulnerability in cyber security, also known as human-factor security, as the “weakest link” in a digitised organisation’s security posture. Existing literature suggests that there is a lack of focus on the impact of human-factor security on information and data security in organisations. The focus is on the risks posed by technologies, whereas the risks presented by workers implementing, managing, or interacting with these technologies are neglected. In addition, existing literature proposes risk management frameworks to aid in digital risk management as a whole. Thus, the need arises to investigate how risk management frameworks could be applied to human-factor security in digitised organisations. This paper provides a comprehensive understanding of the behavioural and cognitive science of people in relation to digital threat awareness and response. This is achieved through a qualitative assessment of responses to survey questions on an authentic dataset. This authentic dataset consists of South African employees working in digitised organisations. The survey questions utilise the Behaviourist Learning Theory. The Behaviourist Learning Theory relies on understanding human behaviour by investigating the person’s behavioural response when exposed to environmental stimuli.
  For this survey, the behaviour is understood by investigating the participants’ behavioural response when exposed to digital threats. The survey results give an indication of the strength of the security posture of the dataset. Additionally, from the survey results, insight is gained on how human-factor security may be improved. Therefore, a risk management plan is presented to assist in managing human-factor security. The risk management plan involves the identification and assessment of, and response to, the risks found in the behaviour from the dataset. Thus, this research project provides security and risk managers with insight into human vulnerabilities and behaviour when interacting with information systems and technology in digitised organisations. The insights presented in this paper may be utilised to enhance the organisation’s security posture through the implementation of a risk management plan. From the survey responses, it is evident that most respondents show a high level of awareness of security and competence when exposed to potential threats. However, it can be observed that a few employees do portray risky behaviour. The risky behaviour may still result in devastating consequences, regardless of the low probability of occurrence.