SlideShare a Scribd company logo

Human factors in cybersecurity: Needs assessment

Download as PPTX, PDF
Rick van der Kleij
Rick van der Kleij

Overview of challenges and needs of cyber security professionals/ employees working in cyber security professions

Economy & Finance
1 of 12
SRP CYBER FOR FINANCIALS Human factors in cyber security | Rick van der Kleij, Dimitri Hehanussa & Reinder Wolthuis
CYBER SECURITY PROFESSIONALS Innovating for Cyber Security Professionals Business state
FOCUS ON PROFESSIONALS: ISSUES? Large component of knowledge work: creative problem solving Highly automated environment: human automation teaming Information overloaded environment/ big data problem (high number of potential false positives) ….. Question: How to improve the performance & functioning of the human elements in this challenging working enviroment? SRP Cyber for Financials
NEEDS MODEL: INTERVIEWS IN 2017 Organization needs Team Performance needs Individual needs Instrumental needs 21 September 20175 | Computer Security Incident Response Teams Needs that pertain to Incident handling behavior or tangible outcomes, such as time to identification, or ability to remove threat Needs that pertain to the state of the team or level of team performance required for satisfactory functioning, such as team structure Needs that pertain to the individual’s abilities or attitudes, such as job satisfaction or team orientation Interventions or tools that are required to obtain a satisfactory level of functioning Van der Kleij, R. Kleinhuis, G., & Young, H. (2017). Computer Security Incident Response Team Effectiveness: A Needs Assessment. Frontiers in Psychology. doi: 10.3389/fpsyg.2017.02179
ORGANISATION Innovating for Cyber Security Professionals • Problem solving capacity; • Measuring Effectiveness; • Coordination & information exchange; • Organizational learning
TEAM Innovating for Cyber Security Professionals • Sharing information within team (e.g., between shifts & handovers); • Work in multiteams • Team awareness;
INDIVIDUALS Innovating for Cyber Security Professionals • Acquire en keep personnel; • Competence management; • Decision making around incident (e.g., triage); • Balancing workload
INSTRUMENTS Innovating for Cyber Security Professionals • Interpersonal communication tools; • Incident-reports; • Visual overviews for shared situation awareness;
10 | Computer Security Incident Response Teams Human state monitoring OTHER RELEVANT TOPICS?
BOTTLENECKS RELATED TO HF RESEARCH? It’s about humans, so professionals, employees or customers need to be involved in the research Capacity and involvement is required Observations and interviews sometimes needed in practice, e.g., to gain detailed understanding of how analysts perform, how sensemaking takes place in practice, and what the issues are that relate to SOC- automation. Interventions eventually need to be tested in practice (human-in-the- loop) SRP Cyber for Financials
THANK YOU FOR YOUR ATTENTION Take a look: TIME.TNO.NL

Recommended

Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Resolver Inc.
 
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON
 
Deral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail LaterDeral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail Latercentralohioissa
 
20th March Session Five by Ramesh Shanmughanathan
20th March Session Five by Ramesh Shanmughanathan20th March Session Five by Ramesh Shanmughanathan
20th March Session Five by Ramesh ShanmughanathanSharath Kumar
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
Data Protection Top Ten Concerns
Data Protection Top Ten ConcernsData Protection Top Ten Concerns
Data Protection Top Ten Concernshealthcareisi
 
Wicks_Recommendation
Wicks_RecommendationWicks_Recommendation
Wicks_RecommendationKathleen Wicks
 
Digital Security
Digital SecurityDigital Security
Digital SecurityKoshy Tk
 

Recommended

Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Resolver Inc.
 
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON
 
Deral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail LaterDeral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail Latercentralohioissa
 
20th March Session Five by Ramesh Shanmughanathan
20th March Session Five by Ramesh Shanmughanathan20th March Session Five by Ramesh Shanmughanathan
20th March Session Five by Ramesh ShanmughanathanSharath Kumar
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
Data Protection Top Ten Concerns
Data Protection Top Ten ConcernsData Protection Top Ten Concerns
Data Protection Top Ten Concernshealthcareisi
 
Wicks_Recommendation
Wicks_RecommendationWicks_Recommendation
Wicks_RecommendationKathleen Wicks
 
Digital Security
Digital SecurityDigital Security
Digital SecurityKoshy Tk
 
Data-driven crime prevention using AI
Data-driven crime prevention using AIData-driven crime prevention using AI
Data-driven crime prevention using AIDoreen Loeber
 
Service now vulnerability patching_move
Service now vulnerability patching_moveService now vulnerability patching_move
Service now vulnerability patching_moveSubrat Kumar Dash
 
Solution Spotlight IT Consulting Services
Solution Spotlight IT Consulting ServicesSolution Spotlight IT Consulting Services
Solution Spotlight IT Consulting ServicesThe TNS Group
 
MT29 Panel: Becoming a data-driven enterprise
MT29 Panel: Becoming a data-driven enterpriseMT29 Panel: Becoming a data-driven enterprise
MT29 Panel: Becoming a data-driven enterpriseDell EMC World
 
Big data security in the cloud: Buzzword Bingo!
Big data security in the cloud: Buzzword Bingo!Big data security in the cloud: Buzzword Bingo!
Big data security in the cloud: Buzzword Bingo!Spiceworks Ziff Davis
 
Uncovering the key to a successful psim installation
Uncovering the key to a successful psim installationUncovering the key to a successful psim installation
Uncovering the key to a successful psim installationSandhya Rao
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk ManagementSocial Tables
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat KeynoteJohn D. Johnson
 
10 Questions Every Company Should Be Asking Itself About its Business Resilience
10 Questions Every Company Should Be Asking Itself About its Business Resilience10 Questions Every Company Should Be Asking Itself About its Business Resilience
10 Questions Every Company Should Be Asking Itself About its Business ResilienceMichael Bowers
 
Yankee Herd Intelligence Will Reshape Anti Malware
Yankee Herd Intelligence Will Reshape Anti MalwareYankee Herd Intelligence Will Reshape Anti Malware
Yankee Herd Intelligence Will Reshape Anti Malwaretswong
 
Vulnerability Voodoo and the Convergence of Foundational Security Controls
Vulnerability Voodoo and the Convergence of Foundational Security ControlsVulnerability Voodoo and the Convergence of Foundational Security Controls
Vulnerability Voodoo and the Convergence of Foundational Security ControlsTripwire
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsInterset
 
12 Factors Causing Your E-Signature Project To Fail
12 Factors Causing Your E-Signature Project To Fail12 Factors Causing Your E-Signature Project To Fail
12 Factors Causing Your E-Signature Project To FailFormaliti
 
The Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning CybersecurityThe Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning CybersecurityInterset
 
How Technology Can Enhance Your NonProfit Part 1
How Technology Can Enhance Your NonProfit Part 1How Technology Can Enhance Your NonProfit Part 1
How Technology Can Enhance Your NonProfit Part 1The TNS Group
 
Role Description
Role DescriptionRole Description
Role DescriptionByron Matthews
 
Simplify your analytics strategy
Simplify your analytics strategySimplify your analytics strategy
Simplify your analytics strategyVarun Tandon
 
isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4Elliott Franklin
 
What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2IANS
 
An Intro to Core
An Intro to CoreAn Intro to Core
An Intro to CoreResolver Inc.
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application SecurityTy Sbano
 
Towards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teamsTowards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teamsRick van der Kleij
 

More Related Content

What's hot

Data-driven crime prevention using AI
Data-driven crime prevention using AIData-driven crime prevention using AI
Data-driven crime prevention using AIDoreen Loeber
 
Service now vulnerability patching_move
Service now vulnerability patching_moveService now vulnerability patching_move
Service now vulnerability patching_moveSubrat Kumar Dash
 
Solution Spotlight IT Consulting Services
Solution Spotlight IT Consulting ServicesSolution Spotlight IT Consulting Services
Solution Spotlight IT Consulting ServicesThe TNS Group
 
MT29 Panel: Becoming a data-driven enterprise
MT29 Panel: Becoming a data-driven enterpriseMT29 Panel: Becoming a data-driven enterprise
MT29 Panel: Becoming a data-driven enterpriseDell EMC World
 
Big data security in the cloud: Buzzword Bingo!
Big data security in the cloud: Buzzword Bingo!Big data security in the cloud: Buzzword Bingo!
Big data security in the cloud: Buzzword Bingo!Spiceworks Ziff Davis
 
Uncovering the key to a successful psim installation
Uncovering the key to a successful psim installationUncovering the key to a successful psim installation
Uncovering the key to a successful psim installationSandhya Rao
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk ManagementSocial Tables
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat KeynoteJohn D. Johnson
 
10 Questions Every Company Should Be Asking Itself About its Business Resilience
10 Questions Every Company Should Be Asking Itself About its Business Resilience10 Questions Every Company Should Be Asking Itself About its Business Resilience
10 Questions Every Company Should Be Asking Itself About its Business ResilienceMichael Bowers
 
Yankee Herd Intelligence Will Reshape Anti Malware
Yankee Herd Intelligence Will Reshape Anti MalwareYankee Herd Intelligence Will Reshape Anti Malware
Yankee Herd Intelligence Will Reshape Anti Malwaretswong
 
Vulnerability Voodoo and the Convergence of Foundational Security Controls
Vulnerability Voodoo and the Convergence of Foundational Security ControlsVulnerability Voodoo and the Convergence of Foundational Security Controls
Vulnerability Voodoo and the Convergence of Foundational Security ControlsTripwire
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsInterset
 
12 Factors Causing Your E-Signature Project To Fail
12 Factors Causing Your E-Signature Project To Fail12 Factors Causing Your E-Signature Project To Fail
12 Factors Causing Your E-Signature Project To FailFormaliti
 
The Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning CybersecurityThe Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning CybersecurityInterset
 
How Technology Can Enhance Your NonProfit Part 1
How Technology Can Enhance Your NonProfit Part 1How Technology Can Enhance Your NonProfit Part 1
How Technology Can Enhance Your NonProfit Part 1The TNS Group
 
Simplify your analytics strategy
Simplify your analytics strategySimplify your analytics strategy
Simplify your analytics strategyVarun Tandon
 
What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2IANS
 

What's hot (20)

Data-driven crime prevention using AI
Data-driven crime prevention using AIData-driven crime prevention using AI
Data-driven crime prevention using AI
 
Service now vulnerability patching_move
Service now vulnerability patching_moveService now vulnerability patching_move
Service now vulnerability patching_move
 
Solution Spotlight IT Consulting Services
Solution Spotlight IT Consulting ServicesSolution Spotlight IT Consulting Services
Solution Spotlight IT Consulting Services
 
MT29 Panel: Becoming a data-driven enterprise
MT29 Panel: Becoming a data-driven enterpriseMT29 Panel: Becoming a data-driven enterprise
MT29 Panel: Becoming a data-driven enterprise
 
Big data security in the cloud: Buzzword Bingo!
Big data security in the cloud: Buzzword Bingo!Big data security in the cloud: Buzzword Bingo!
Big data security in the cloud: Buzzword Bingo!
 
Uncovering the key to a successful psim installation
Uncovering the key to a successful psim installationUncovering the key to a successful psim installation
Uncovering the key to a successful psim installation
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk Management
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
 
10 Questions Every Company Should Be Asking Itself About its Business Resilience
10 Questions Every Company Should Be Asking Itself About its Business Resilience10 Questions Every Company Should Be Asking Itself About its Business Resilience
10 Questions Every Company Should Be Asking Itself About its Business Resilience
 
Yankee Herd Intelligence Will Reshape Anti Malware
Yankee Herd Intelligence Will Reshape Anti MalwareYankee Herd Intelligence Will Reshape Anti Malware
Yankee Herd Intelligence Will Reshape Anti Malware
 
Vulnerability Voodoo and the Convergence of Foundational Security Controls
Vulnerability Voodoo and the Convergence of Foundational Security ControlsVulnerability Voodoo and the Convergence of Foundational Security Controls
Vulnerability Voodoo and the Convergence of Foundational Security Controls
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
 
12 Factors Causing Your E-Signature Project To Fail
12 Factors Causing Your E-Signature Project To Fail12 Factors Causing Your E-Signature Project To Fail
12 Factors Causing Your E-Signature Project To Fail
 
The Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning CybersecurityThe Myths + Realities of Machine-Learning Cybersecurity
The Myths + Realities of Machine-Learning Cybersecurity
 
How Technology Can Enhance Your NonProfit Part 1
How Technology Can Enhance Your NonProfit Part 1How Technology Can Enhance Your NonProfit Part 1
How Technology Can Enhance Your NonProfit Part 1
 
Role Description
Role DescriptionRole Description
Role Description
 
Simplify your analytics strategy
Simplify your analytics strategySimplify your analytics strategy
Simplify your analytics strategy
 
isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4
 
What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2
 
An Intro to Core
An Intro to CoreAn Intro to Core
An Intro to Core
 

Similar to Human factors in cybersecurity: Needs assessment

Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application SecurityTy Sbano
 
Towards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teamsTowards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teamsRick van der Kleij
 
Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...Laura Benitez
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Michael Kaishar, MSIA | CISSP
 
PostThe group of individuals with some expert abilities formed .docx
PostThe group of individuals with some expert abilities formed .docxPostThe group of individuals with some expert abilities formed .docx
PostThe group of individuals with some expert abilities formed .docxstilliegeorgiana
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsInfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsVMware Tanzu
 
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS
 
Dika model
Dika modelDika model
Dika modelnjbrann
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementMighty Guides, Inc.
 
Mis for class lecture 1 final
Mis for class lecture 1 finalMis for class lecture 1 final
Mis for class lecture 1 finalAwais Idrees
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceSurfWatch Labs
 
Hr trends january_2016
Hr trends january_2016Hr trends january_2016
Hr trends january_2016Tom Haak
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016Prime Infoserv
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael Priyanka Aash
 
The Perspective of Today's Information Security Leader
The Perspective of Today's Information Security LeaderThe Perspective of Today's Information Security Leader
The Perspective of Today's Information Security LeaderRavila White
 
[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ...
[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ...[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ...
[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ...Pedro Henriques
 

Similar to Human factors in cybersecurity: Needs assessment (20)

Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application Security
 
Towards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teamsTowards a Digital teammate to support sensemaking in Cyber Security teams
Towards a Digital teammate to support sensemaking in Cyber Security teams
 
Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...
 
PostThe group of individuals with some expert abilities formed .docx
PostThe group of individuals with some expert abilities formed .docxPostThe group of individuals with some expert abilities formed .docx
PostThe group of individuals with some expert abilities formed .docx
 
Austin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber PresentationAustin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber Presentation
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOpsInfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps
 
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
 
Dika model
Dika modelDika model
Dika model
 
Business Mindset.pdf
Business Mindset.pdfBusiness Mindset.pdf
Business Mindset.pdf
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat Management
 
Mis for class lecture 1 final
Mis for class lecture 1 finalMis for class lecture 1 final
Mis for class lecture 1 final
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital Presence
 
Hr trends january_2016
Hr trends january_2016Hr trends january_2016
Hr trends january_2016
 
Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond Cyber
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael
 
The Perspective of Today's Information Security Leader
The Perspective of Today's Information Security LeaderThe Perspective of Today's Information Security Leader
The Perspective of Today's Information Security Leader
 
[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ...
[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ...[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ...
[Agile Portugal 2014] - Agile Decision Support System for Upper Management - ...
 

More from Rick van der Kleij

Cybercrime? Daarvoor is mijn bedrijf te klein!
Cybercrime? Daarvoor is mijn bedrijf te klein!Cybercrime? Daarvoor is mijn bedrijf te klein!
Cybercrime? Daarvoor is mijn bedrijf te klein!Rick van der Kleij
 
Organisatieslachtofferschap van cybercrime
Organisatieslachtofferschap van cybercrime Organisatieslachtofferschap van cybercrime
Organisatieslachtofferschap van cybercrime Rick van der Kleij
 
Cyberweerbaarheid mkb (SMEs) regio Den Haag
Cyberweerbaarheid mkb (SMEs) regio Den Haag Cyberweerbaarheid mkb (SMEs) regio Den Haag
Cyberweerbaarheid mkb (SMEs) regio Den Haag Rick van der Kleij
 
Human factors in cybersecurity
Human factors in cybersecurity Human factors in cybersecurity
Human factors in cybersecurity Rick van der Kleij
 
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)Rick van der Kleij
 
Wanneer veiligheid een service is (en wanneer niet)
Wanneer veiligheid een service is (en wanneer niet) Wanneer veiligheid een service is (en wanneer niet)
Wanneer veiligheid een service is (en wanneer niet) Rick van der Kleij
 
Social media for influence operations
Social media for influence operationsSocial media for influence operations
Social media for influence operationsRick van der Kleij
 
Opportunities for social media in a comprehensive approach
Opportunities for social media in a comprehensive approachOpportunities for social media in a comprehensive approach
Opportunities for social media in a comprehensive approachRick van der Kleij
 
Boundary spanning in military operations
Boundary spanning in military operationsBoundary spanning in military operations
Boundary spanning in military operationsRick van der Kleij
 
Coordinating across boundaries: The importance of members' personalities
Coordinating across boundaries: The importance of members' personalitiesCoordinating across boundaries: The importance of members' personalities
Coordinating across boundaries: The importance of members' personalitiesRick van der Kleij
 

More from Rick van der Kleij (11)

Cybercrime? Daarvoor is mijn bedrijf te klein!
Cybercrime? Daarvoor is mijn bedrijf te klein!Cybercrime? Daarvoor is mijn bedrijf te klein!
Cybercrime? Daarvoor is mijn bedrijf te klein!
 
Organisatieslachtofferschap van cybercrime
Organisatieslachtofferschap van cybercrime Organisatieslachtofferschap van cybercrime
Organisatieslachtofferschap van cybercrime
 
Cyberweerbaarheid mkb (SMEs) regio Den Haag
Cyberweerbaarheid mkb (SMEs) regio Den Haag Cyberweerbaarheid mkb (SMEs) regio Den Haag
Cyberweerbaarheid mkb (SMEs) regio Den Haag
 
Human factors in cybersecurity
Human factors in cybersecurity Human factors in cybersecurity
Human factors in cybersecurity
 
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)
 
Wanneer veiligheid een service is (en wanneer niet)
Wanneer veiligheid een service is (en wanneer niet) Wanneer veiligheid een service is (en wanneer niet)
Wanneer veiligheid een service is (en wanneer niet)
 
Social media for influence operations
Social media for influence operationsSocial media for influence operations
Social media for influence operations
 
Landmacht 2.0 sociale media
Landmacht 2.0 sociale mediaLandmacht 2.0 sociale media
Landmacht 2.0 sociale media
 
Opportunities for social media in a comprehensive approach
Opportunities for social media in a comprehensive approachOpportunities for social media in a comprehensive approach
Opportunities for social media in a comprehensive approach
 
Boundary spanning in military operations
Boundary spanning in military operationsBoundary spanning in military operations
Boundary spanning in military operations
 
Coordinating across boundaries: The importance of members' personalities
Coordinating across boundaries: The importance of members' personalitiesCoordinating across boundaries: The importance of members' personalities
Coordinating across boundaries: The importance of members' personalities
 

Recently uploaded

Attachment Of Assets......................
Attachment Of Assets......................Attachment Of Assets......................
Attachment Of Assets......................AmanBajaj36
 
The Triple Threat | Article on Global Resession | Harsh Kumar
The Triple Threat | Article on Global Resession | Harsh KumarThe Triple Threat | Article on Global Resession | Harsh Kumar
The Triple Threat | Article on Global Resession | Harsh KumarHarsh Kumar
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignHenry Tapper
 
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...shivangimorya083
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawlmakika9823
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designsegoetzinger
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfHenry Tapper
 
Quantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector CompaniesQuantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector Companiesprashantbhati354
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfAdnet Communications
 
Mulki Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mulki Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMulki Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mulki Call Girls 7001305949 WhatsApp Number 24x7 Best Servicesnajka9823
 
(办理学位证)加拿大萨省大学毕业证成绩单原版一比一
(办理学位证)加拿大萨省大学毕业证成绩单原版一比一(办理学位证)加拿大萨省大学毕业证成绩单原版一比一
(办理学位证)加拿大萨省大学毕业证成绩单原版一比一S SDS
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spiritegoetzinger
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130Suhani Kapoor
 
Stock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfStock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfMichael Silva
 
Classical Theory of Macroeconomics by Adam Smith
Classical Theory of Macroeconomics by Adam SmithClassical Theory of Macroeconomics by Adam Smith
Classical Theory of Macroeconomics by Adam SmithAdamYassin2
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHenry Tapper
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...makika9823
 
Vp Girls near me Delhi Call Now or WhatsApp
Vp Girls near me Delhi Call Now or WhatsAppVp Girls near me Delhi Call Now or WhatsApp
Vp Girls near me Delhi Call Now or WhatsAppmiss dipika
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdfHenry Tapper
 

Recently uploaded (20)

Attachment Of Assets......................
Attachment Of Assets......................Attachment Of Assets......................
Attachment Of Assets......................
 
The Triple Threat | Article on Global Resession | Harsh Kumar
The Triple Threat | Article on Global Resession | Harsh KumarThe Triple Threat | Article on Global Resession | Harsh Kumar
The Triple Threat | Article on Global Resession | Harsh Kumar
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaign
 
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
 
Quantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector CompaniesQuantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector Companies
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdf
 
Mulki Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mulki Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMulki Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mulki Call Girls 7001305949 WhatsApp Number 24x7 Best Services
 
(办理学位证)加拿大萨省大学毕业证成绩单原版一比一
(办理学位证)加拿大萨省大学毕业证成绩单原版一比一(办理学位证)加拿大萨省大学毕业证成绩单原版一比一
(办理学位证)加拿大萨省大学毕业证成绩单原版一比一
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spirit
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
 
🔝+919953056974 🔝young Delhi Escort service Pusa Road
🔝+919953056974 🔝young Delhi Escort service Pusa Road🔝+919953056974 🔝young Delhi Escort service Pusa Road
🔝+919953056974 🔝young Delhi Escort service Pusa Road
 
Stock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfStock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdf
 
Classical Theory of Macroeconomics by Adam Smith
Classical Theory of Macroeconomics by Adam SmithClassical Theory of Macroeconomics by Adam Smith
Classical Theory of Macroeconomics by Adam Smith
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview document
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
 
Vp Girls near me Delhi Call Now or WhatsApp
Vp Girls near me Delhi Call Now or WhatsAppVp Girls near me Delhi Call Now or WhatsApp
Vp Girls near me Delhi Call Now or WhatsApp
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdf
 

Human factors in cybersecurity: Needs assessment

  • 1. SRP CYBER FOR FINANCIALS Human factors in cyber security | Rick van der Kleij, Dimitri Hehanussa & Reinder Wolthuis
  • 2.
  • 3. CYBER SECURITY PROFESSIONALS Innovating for Cyber Security Professionals Business state
  • 4. FOCUS ON PROFESSIONALS: ISSUES? Large component of knowledge work: creative problem solving Highly automated environment: human automation teaming Information overloaded environment/ big data problem (high number of potential false positives) ….. Question: How to improve the performance & functioning of the human elements in this challenging working enviroment? SRP Cyber for Financials
  • 5. NEEDS MODEL: INTERVIEWS IN 2017 Organization needs Team Performance needs Individual needs Instrumental needs 21 September 20175 | Computer Security Incident Response Teams Needs that pertain to Incident handling behavior or tangible outcomes, such as time to identification, or ability to remove threat Needs that pertain to the state of the team or level of team performance required for satisfactory functioning, such as team structure Needs that pertain to the individual’s abilities or attitudes, such as job satisfaction or team orientation Interventions or tools that are required to obtain a satisfactory level of functioning Van der Kleij, R. Kleinhuis, G., & Young, H. (2017). Computer Security Incident Response Team Effectiveness: A Needs Assessment. Frontiers in Psychology. doi: 10.3389/fpsyg.2017.02179
  • 6. ORGANISATION Innovating for Cyber Security Professionals • Problem solving capacity; • Measuring Effectiveness; • Coordination & information exchange; • Organizational learning
  • 7. TEAM Innovating for Cyber Security Professionals • Sharing information within team (e.g., between shifts & handovers); • Work in multiteams • Team awareness;
  • 8. INDIVIDUALS Innovating for Cyber Security Professionals • Acquire en keep personnel; • Competence management; • Decision making around incident (e.g., triage); • Balancing workload
  • 9. INSTRUMENTS Innovating for Cyber Security Professionals • Interpersonal communication tools; • Incident-reports; • Visual overviews for shared situation awareness;
  • 10. 10 | Computer Security Incident Response Teams Human state monitoring OTHER RELEVANT TOPICS?
  • 11. BOTTLENECKS RELATED TO HF RESEARCH? It’s about humans, so professionals, employees or customers need to be involved in the research Capacity and involvement is required Observations and interviews sometimes needed in practice, e.g., to gain detailed understanding of how analysts perform, how sensemaking takes place in practice, and what the issues are that relate to SOC- automation. Interventions eventually need to be tested in practice (human-in-the- loop) SRP Cyber for Financials
  • 12. THANK YOU FOR YOUR ATTENTION Take a look: TIME.TNO.NL

Editor's Notes

  1. Human factors in cyber security: professionals