Loughborough University
Browse
055_.pdf (715.35 kB)

Human and organisational factors in cybersecurity: applying STAMP to explore vulnerabilities

Download (715.35 kB)
conference contribution
posted on 2019-01-10, 16:19 authored by Andrew Wright, Gyuchan Thomas JunGyuchan Thomas Jun
The human and organisational factors contributing to information security are still poorly understood, primarily due to a lack of research and absence of suitable techniques to assess complex digital systems. This paper presents the application of the System-Theoretic Accident Models and Process (STAMP) technique to the 2013/2014 Target Corporation data breach. The aims of the study are to investigate the causal factors using a systemic approach, and to demonstrate the benefits of the technique to information security applications. A number of critical control flaws were identified through the STAMP analysis include: i) poor external and internal communication/co-ordination of new threats and vulnerabilities; ii) inadequate learning from past events, internally and externally; iii) a lack of proactive security management to understand and learn from system successes and good practices as well as system failures; iv) ineffective management and co-ordination with the supply chain and their security systems.

History

School

  • Design

Published in

Contemporary Ergonomics & Human Factors 2019

Citation

WRIGHT, A. and JUN, G.T., 2019. Human and organisational factors in cybersecurity: applying STAMP to explore vulnerabilities. IN: Charles, R. and Golightly, D. (eds). Contemporary Ergonomics & Human Factors 2019, Stratford-upon-Avon, UK, 29 April-1 May 2019.

Publisher

© Chartered Institute of Ergonomics & Human Factors

Version

  • VoR (Version of Record)

Acceptance date

2018-12-12

Publication date

2019

ISBN

9781999652715

Language

  • en

Editor(s)

Rebecca Charles, David Golightly

Location

Stratford-upon-Avon

Usage metrics

    Loughborough Publications

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC