EDPACS
The EDP Audit, Control, and Security Newsletter
Volume 67, 2023 - Issue 5
Research Article

HUMAN FACTORS SECURITY ENGINEERING: THE FUTURE OF CYBERSECURITY TEAMS

 

ABSTRACT

Human factors engineering has been a well-known practice since the early 1930s. This field of engineering is highly applicable and currently studied in relation to cybersecurity. Understanding the psychological components of human factors can help to resolve several concerns in the cybersecurity field. From employee recruitment and retention, to understanding burnout for SOC analysts, human factors are an emerging trend in cybersecurity. By researching and understanding the principles of human factors, cybersecurity professionals can improve security by design, reduce cognitive overload with security tooling, and improve awareness of behavioral analysis techniques. Human factors security has been increasingly gaining popularity in academic publications and will continue to trend upward as more researchers and technical professionals see the benefits of combining the two fields.

KEY TERMS AND DEFINITIONS

Advanced Threats: Advanced threats are persistent, sophisticated, and ongoing cyber threats that can potentially harm an organization, leading to privilege escalation, full system compromise, or data exfiltration.

Burnout: Burnout is when an employee experiences high levels of stress and unachievable workloads, which lead to emotional distress and frustration and may ultimately result in the employee leaving an organization.

Cognition: Cognition is a major concept in psychology, including all forms of awareness and understanding, such as reasoning and problem solving. Cognition is also one of the three defined components of mind, along with affect and conation.

Cybersecurity: Cybersecurity is the protection of information or computer systems from confidentiality, integrity, or availability concerns. Cybersecurity has evolved from information security and information assurance, while some still consider these as separate fields.

Gamification: Gamification is the application of game-playing activities to other types of industries or domains, such as security awareness training. Gamification is a commonly used technique to improve security awareness training and the retention of information by users.

Human Factors Engineering: Human Factors Engineering, also known as ergonomics, is the discipline of understanding physical and psychological components of humans and applying them to devices for human use. Human Factors Engineering is an important science because it helps to improve the safety and efficiency of devices for users.

Mental Workloads: Mental workloads, or cognitive workloads, refer to the amount of mental resources that a human needs to use on a set of concurrent or back-to-back tasks. High levels of mental workloads can lead to fatigue, stress, or decreased performance.

Perception: Perception is a component of cognition that defines the process by which a person becomes aware of objects and events by using their senses. Perception includes the ability to organize and interpret data into memories or meaningful knowledge.

Retention: Employee retention is the ability of an organization to prevent turnover, whether voluntary or involuntary. Organizations may be looking to increase employee retention to retain knowledge of systems and reduce open job positions.

Risk Management: Risk management in cybersecurity is the identification, analysis, and evaluation of cyber risks for an organization. While many frameworks exist to measure risk management, this activity may be dependent on the type of industry or threats to that organization.

Unconscious Bias: Unconscious bias refers to the potential implications of social stereotypes for how people are treated. In this context, unconscious bias refers to how people may be treated when applying for cybersecurity positions, which may affect the recruitment of women in the cybersecurity profession.

DISCLOSURE STATEMENT

No potential conflict of interest was reported by the author(s).
