Human and organisational factors in cybersecurity: applying STAMP to explore vulnerabilities
conference contribution
posted on 2019-01-10, 16:19 authored by Andrew Wright, Gyuchan Thomas Jun

The human and organisational factors contributing to information security are still poorly understood, primarily due to a lack of research and absence of suitable techniques to assess complex digital systems. This paper presents the application of the System-Theoretic Accident Models and Process (STAMP) technique to the 2013/2014 Target Corporation data breach. The aims of the study are to investigate the causal factors using a systemic approach, and to demonstrate the benefits of the technique to information security applications. A number of critical control flaws were identified through the STAMP analysis, including: i) poor external and internal communication/co-ordination of new threats and vulnerabilities; ii) inadequate learning from past events, internally and externally; iii) a lack of proactive security management to understand and learn from system successes and good practices as well as system failures; iv) ineffective management and co-ordination with the supply chain and their security systems.
History
School
- Design
Published in
Contemporary Ergonomics & Human Factors 2019
Citation
WRIGHT, A. and JUN, G.T., 2019. Human and organisational factors in cybersecurity: applying STAMP to explore vulnerabilities. IN: Charles, R. and Golightly, D. (eds). Contemporary Ergonomics & Human Factors 2019, Stratford-upon-Avon, UK, 29 April-1 May 2019.
Publisher
© Chartered Institute of Ergonomics & Human Factors
Version
- VoR (Version of Record)
Acceptance date
2018-12-12
Publication date
2019
ISBN
9781999652715
Publisher version
Language
- en