CHEAT: an Updated Approach for Incorporating Human Factors into Cyber Security Assessments
The human element has been identified as a contributing factor in over 95% of cyber-security incidents. Current technical risk assessment methodologies, such as the IS1-2 Supplement, go some way to quantifying the characteristics of non-malicious insider attacks. However, the approaches are based on historical understanding of the user group, organisational security culture and past security breaches, and do not fully consider the psychological motivations that give rise to human error in cyber-security scenarios. Applied knowledge of human limitations and cognitive biases was used to derive a structured approach to capture typical human errors as part of cyber-security assessments. By recognising the psychological root causes behind human errors in cyber-security scenarios, one can identify appropriate risk management and mitigating strategies, in the same way that human reliability analysis tools, such as the Human Error Assessment and Reduction Technique (HEART), mitigate human error as part of safety case evidence. This article presents the cyber human error assessment tool, a structured approach to address human factor considerations in cyber-security assessments.