Maria Spichkova,Huai Liu,Mohsen Laali,Heinz W. Schmidt

DOI: https://doi.org/10.48550/arXiv.1503.03584

2015-03-12

Abstract:In this paper, we present our vision of the integration of human factors engineering into the software development process. The aim of this approach is to improve the quality of software and to deal with human errors in a systematic way.

Software Engineering,Human-Computer Interaction

Jing-chang WANG,Gen-cai CHEN

DOI: https://doi.org/10.3969/j.issn.1671-7147.2005.02.008

2005-01-01

Abstract:There are a lot of risks in the software developing process. To control the risk, the sorts of risk are defined from the software development and project management. The paper presents four main parts of risk identification and risk analysis. The risks during software development process and possible solutions are analyzed while the risk quantity method, parameter model and experience data are presented. According to these risk identification methods and every phase situation of software development, the strategy of risk control is proposed. About eighty percent risk can be identified and controlled in the statistic application.

Moinescu R.

DOI: https://doi.org/10.21279/1454-864x-19-i1-022

2019-07-15

Scientific Bulletin of Naval Academy

Abstract:Along with the development of information technology in recent years, awareness about the security of computer systems is also increasing. Because the human factor is often guilty of the vulnerabilities to which an information system is exposed, this paper will research and evaluate disparate attack vectors which are being utilized today to successfully exploit human weaknesses. We will also try to create a mechanism to mitigate against these attack vectors.

Marcel Fourn,Dominik Wermke,Sascha Fahl,Yasemin Acar,Marcel Fourné

DOI: https://doi.org/10.1109/msec.2023.3316569

IF: 3.105

2023-11-14

IEEE Security & Privacy

Abstract:While securing dependencies and build systems is necessary, recent attacks have shown that developers are a commonly successfully attacked link in the chain. Therefore, a comprehensive approach that considers the human factor is crucial for effective software supply chain security.

computer science, information systems, software engineering

Abdul Hadi bin Abdul Rahman,Abdullah Nazir,Kim Tae Hyun,Tan Horng Yarng,Fatima-tuz-Zahra

DOI: https://doi.org/10.48550/arXiv.2012.10881

2020-12-20

Software Engineering

Abstract:Secure development process is a procedure taken by developers to ensure the programs developed are following the general security standards and will always be up to date so that the outcomes are well secured and obedient. As a software developer, it is very crucial to implement and develop a highly secured and reliable program for clients and users. In this current digital world where everything is advancing faster than we can ever think of, most of the old security policies can no longer be implemented alone. The consequences and impacts that could be brought upon a company are really huge if the software applications are not secured according to the modern trend. Therefore, in this paper research is done to asses the security integration in software development process. The concept and the purpose of this research is to provide insight about the current issues and challenges faced by most of the software developers in terms of secure software development. With a better and clearer explanation of these issues, challenges, and methodologies adopted to overcome them are discussed which can potentially provide a better and higher level of security along with better software programmers and client relationship. To comply with future demands and threats, security concerns need to be involved in all phases while developing a software system. Therefore, an effort is made to investigate and contribute to this domain through this paper.

Mark Evans,Leandros A. Maglaras,Ying He,Helge Janicke

DOI: https://doi.org/10.48550/arXiv.1601.03921

2016-01-15

Cryptography and Security

Abstract:There continue to be numerous breaches publicised pertaining to cyber security despite security practices being applied within industry for many years. This article is intended to be the first in a number of articles as research into cyber security assurance processes. This article is compiled based on current research related to cyber security assurance and the impact of the human element on it. The objective of this work is to identify elements of cyber security that would benefit from further research and development based on the literature review findings. The results outlined in this article present a need for the cyber security field to look in to established industry areas to benefit from effective practices such as human reliability assessment, along with improved methods of validation such as statistical quality control in order to obtain true assurance. The article proposes the development of a framework that will be based upon defined and repeatable quantification, specifically relating to the range of human aspect tasks that provide, or are intended not to negatively affect cyber security posture.

Sam Wen Ping,Jeffrey Cheok Jun Wah,Lee Wen Jie,Jeremy Bong Yong Han,Saira Muzafar

2023-11-18

Abstract:In recent years, technology has advanced considerably with the introduction of many systems including advanced robotics, big data analytics, cloud computing, machine learning and many more. The opportunities to exploit the yet to come security that comes with these systems are going toe to toe with new releases of security protocols to combat this exploitation to provide a secure system. The digitization of our lives proves to solve our human problems as well as improve quality of life but because it is digitalized, information and technology could be misused for other malicious gains. Hackers aim to steal the data of innocent people to use it for other causes such as identity fraud, scams and many more. This issue can be corrected during the software development life cycle, integrating security across the development phases, and testing of the software is done early to reduce the number of vulnerabilities that might or might not heavily impact an organisation depending on the range of the attack. The goal of a secured system software is to prevent such exploitations from ever happening by conducting a system life cycle where through planning and testing is done to maximise security while maintaining functionality of the system. In this paper, we are going to discuss the recent trends in security for system development as well as our predictions and suggestions to improve the current security practices in this industry.

Cryptography and Security,Software Engineering

Pradeep Waychal,Luiz Fernando Capretz

DOI: https://doi.org/10.5121/csit.2017.70414

2017-04-04

Abstract:It is impossible to separate the human factors from software engineering expertise during software development, because software is developed by people and for people. The intangible nature of software has made it a difficult product to successfully create, and an examination of the many reasons for major software system failures show that the reasons for failures eventually come down to human issues. Software developers, immersed as they are in the technological aspect of the product, can quickly learn lessons from technological failures and readily come up with solutions to avoid them in the future, yet they do not learn lessons from human aspects in software engineering. Dealing with human errors is much more difficult for developers and often this aspect is overlooked in the evaluation process as developers move on to issues that they are more comfortable solving. A major reason for this oversight is that software psychology (the softer side) has not developed as extensively.

Computers and Society

D. Sandhya rani,T. Varalakshmi,G. Hemanth kumar

DOI: https://doi.org/10.47392/irjaem.2024.0255

2024-05-31

Abstract:Despite significant efforts to ensure the success of software projects, the risk of failure remains high. Although these risks cannot be entirely eliminated, they can be effectively managed through proper risk management techniques throughout the software development lifecycle. This study aims to classify and identify the most effective risk management techniques using factor analysis. We surveyed software project managers, presenting them with thirty different risk management techniques, which they frequently used and deemed effective. We categorized these techniques into three main components: Planning and Requirement Techniques, Communication Techniques, and Models and Tools. The study's findings will be applied to a real-world software project to verify their effectiveness in mitigating risks. A novel multi-dimensional weighting approach is proposed to highlight the relationships between risks and actions, selecting best-fit profiles for both business and risk via an `if-the-shoe-fits' process, and determining precise mitigating actions through score tolerance bands. The successful identification and implementation of these techniques are expected to significantly improve the likelihood of mitigating risks in software projects.

Cenk Aksoy Bilen

DOI: https://doi.org/10.17261/pressacademia.2023.1735

2023-06-30

Pressacademia

Abstract:Purpose- With the rapid advancement of information and communication technologies, businesses are facing growing security risks. The prevalence, intensity, and complexity of cyber attacks worsen these vulnerabilities, leading to a rising focus on cybersecurity. Enterprises exposed to such cyberattacks might not only face considerable financial losses but also experience data breaches, operational interruptions, harm to their reputation, regulatory penalties, legal expenses, reduced competitive standing, and increased insurance premiums. In this concept study discusses the importance of human factors in cybersecurity management. While organizations spend billions on information technology systems and software to detect and prevent cyber threats, individuals play a critical role in managing these risks. Methodology- Through a review of literature and statistical data, study examines the factors contributing to cybersecurity breaches, the allocation of resources to address them, and proposes potential solutions. Findings- In the workplace, most research on cybersecurity focuses on employees as the most important source of vulnerability. In the literature review, it is understood that an employee’s carelessness and lack of awareness pose the greatest risk to cybersecurity. However, businesses often fail to show sufficient attention to human behavior in their efforts to keep organizational data secure and to plan security strategies. It is important to note that effective cybersecurity management requires not only technical controls but also the management of human factors. Meanwhile, security expenditures in enterprises are often disproportionately allocated to technology investments, with 97% being spent on technology investments, despite the fact that over 85% of breaches are attributable to human factors. Conclusion- In the literature review, it is understood that cybersecurity management is not only related to technical controls, but also the management of human factors is of critical importance. The management of individuals is also an essential cybersecurity responsibility. It is important to adopt a holistic approach to cybersecurity management includes both technical and human perspectives. Cybersecurity awareness has significant benefits for businesses to effectively manage cybersecurity which can be achieved by developing appropriate training programs and foster a cybersecurity culture. Keywords: Cybersecurity, cybersecurity management, cybersecurity awareness, technology investments, human factor JEL Codes: M12, M15, L86

Harrison Stewart,Jan Jürjens

DOI: https://doi.org/10.1108/ics-07-2016-0054

2017-11-13

Information and Computer Security

Abstract:Purpose The aim of this study is to encourage management boards to recognize that employees play a major role in the management of information security. Thus, these issues need to be addressed efficiently, especially in organizations in which data are a valuable asset. Design/methodology/approach Before developing the instrument for the survey, first, effective measurement built upon existing literature review was identified and developed and the survey questionnaires were set according to past studies and the findings based on qualitative analyses. Data were collected by using cross-sectional questionnaire and a Likert scale, whereby each question was related to an item as in the work of Witherspoon et al. (2013). Data analysis was done using the SPSS.3B. Findings Based on the results from three surveys and findings, a principle of information security compliance practices was proposed based on the authors’ proposed nine-five-circle (NFC) principle that enhances information security management by identifying human conduct and IT security-related issues regarding the aspect of information security management. Furthermore, the authors’ principle has enabled closing the gap between technology and humans in this study by proving that the factors in the present study’s finding are interrelated and work together, rather than on their own. Research limitations/implications The main objective of this study was to address the lack of research evidence on what mobilizes and influences information security management development and implementation. This objective has been fulfilled by surveying, collecting and analyzing data and by giving an account of the attributes that hinder information security management. Accordingly, a major practical contribution of the present research is the empirical data it provides that enable obtaining a bigger picture and precise information about the real issues that cause information security management shortcomings. Practical implications In this sense, despite the fact that this study has limitations concerning the development of a diagnostic tool, it is obviously the main procedure for the measurements of a framework to assess information security compliance policies in the organizations surveyed. Social implications The present study’s discoveries recommend in actuality that using flexible tools that can be scoped to meet individual organizational needs have positive effects on the implementation of information security management policies within an organization. Accordingly, the research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations. Instead, they should focus on the issue of how to sustain and enhance their organization’s compliance through a dynamic compliance process that involves awareness of the compliance regulation, controlling integration and closing gaps. Originality/value The rapid growth of information technology (IT) has created numerous business opportunities. At the same time, this growth has increased information security risk. IT security risk is an important issue in industrial sectors, and in organizations that are innovating owing to globalization or changes in organizational culture. Previously, technology-associated risk assessments focused on various technology factors, but as of the early twenty-first century, the most important issue identified in technology risk studies is the human factor.

Niroop Sugunaraj

2024-05-21

Abstract:This paper examines the complex nature of cyber attacks through an analysis of the LastPass breach. It argues for the integration of human-centric considerations into cybersecurity measures, focusing on mitigating factors such as goal-directed behavior, cognitive overload, human biases (e.g., optimism, anchoring), and risky behaviors. Findings from an analysis of this breach offers support to the perspective that addressing both the human and technical dimensions of cyber defense can significantly enhance the resilience of cyber systems against complex threats. This means maintaining a balanced approach while simultaneously simplifying user interactions, making users aware of biases, and discouraging risky practices are essential for preventing cyber incidents.

Human-Computer Interaction,Cryptography and Security

Asif Imran

DOI: https://doi.org/10.1007/978-3-031-36597-3

2023-10-23

Abstract:Software security requirements have been traditionally considered as a non-functional attribute of the software. However, as more software started to provide services online, existing mechanisms of using firewalls and other hardware to secure software have lost their applicability. At the same time, under the current world circumstances, the increase of cyber-attacks on software is ever increasing. As a result, it is important to consider the security requirements of software during its design. To design security in the software, it is important to obtain the views of the developers and managers of the software. Also, it is important to evaluate if their viewpoints match or differ regarding the security. Conducting this communication through a specific model will enable the developers and managers to eliminate any doubts on security design and adopt an effective strategy to build security into the software. In this paper, we analyzed the viewpoints of developers and managers regarding their views on security design. We interviewed a team of 7 developers and 2 managers, who worked in two teams to build a real-life software product that was recently compromised by a cyber-attack. We obtained their views on the reasons for the successful attack by the malware and took their recommendations on the important aspects to consider regarding security. Based on their feedback, we coded their open-ended responses into 4 codes, which we recommended using for other real-life software as well.

Software Engineering,Cryptography and Security,Computers and Society

Debi Ashenden

DOI: https://doi.org/10.1016/j.istr.2008.10.006

2008-11-01

Information Security Technical Report

Abstract:This paper considers to what extent the management of Information Security is a human challenge. It suggests that the human challenge lies in accepting that individuals in the organisation have not only an identity conferred by their role but also a personal and social identity that they bring with them to work. The challenge that faces organisations is to manage this while trying to achieve the optimum configuration of resources in order to meet business objectives. The paper considers the challenges for Information Security from an organisational perspective and develops an argument that builds on research from the fields of management and organisational behaviour. It concludes that the human challenge of Information Security management has largely been neglected and suggests that to address the issue we need to look at the skills needed to change organisational culture, the identity of the Information Security Manager and effective communication between Information Security Managers, end users and Senior Managers.

Sweta Mahaju,Jeffrey C. Carver,Gary L. Bradshaw

2023-04-06

Abstract:Context: Software development is human-centric and vulnerable to human error. Human errors are errors in the human thought process. To ensure software quality, practitioners must understand how to manage these human errors. Organizations often change the requirements engineering process to prevent human errors from occurring or to mitigate the harm caused when those errors do occur. While there are studies on human error management in other disciplines, research on the prevention and mitigation of human errors in software engineering, and requirements engineering specifically, are limited. The software engineering studies do not provide strong results about the types of changes that are most effective in requirements engineering. Objective: The goal of this paper is to develop a taxonomy of human error prevention and mitigation strategies based on data from requirements engineering professionals. Method: We performed a qualitative analysis of two practitioner surveys on requirements engineering practices to identify and classify strategies for the prevention and mitigation of human errors. Results: We organized the human error management strategies into a taxonomy based on whether they primarily affect People, Processes, or the Environment. Inside each high-level category, we further organized the strategies into low-level classes. More than 50% of the reported strategies require a change in Process, 23% require a change in Environment, 21% require a change in People, with the remaining 5% too ambiguous to classify. In addition, more than 50\% of the strategies focus on Management activities. Conclusions: The Human Error Management Taxonomy provides a systematic classification and organization of strategies for prevention and mitigation of human errors in requirements engineering. This systematic organization provides a foundation upon which research can build.

Software Engineering

Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-25629-6_114

2019-01-01

Abstract:Information systems support organizations to achieve strategic competitiveness and to improve the decision-making process. In addition, they help timely implementation of projects and effective risk management. A reliable and coherent information system requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing a business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. To date, studies have shown that non-technical risks are as important as technical risks in safeguarding. However, little attention has been paid to the role of human factors or organizational factors. This study validates the importance of non-technical factors based on a case study of an incident analysis using the information security framework with a focus of non-technical factors.

Sergey Viktorovich Zykov,Joseph Afriyie Attakorah

DOI: https://doi.org/10.48550/arXiv.2007.12019

2020-07-23

Abstract:Software development, despite all the significant improvements it contributes to society, is a very expensive high-risk venture. Every software project commences with the intention to deliver a software product on time and within budget, but a great percentage of these software projects either fail to achieve their full potential or fail entirely. A lot of factors come to play in this regard and the dominant amongst them, which is often overlooked and oftentimes the biggest or strongest factor, is the human factor, as software development is a basic human endeavor. Knowledge and understanding of human factors can greatly influence the success of software development. The purpose of this survey is to find out and throw more light on the human factors that have influences in crisis responsive software development, spell out some recommendations, and suggest future research directions. In this paper, we use a case study to investigate the human factors.

Software Engineering

Oyelami Julius Olusegun,Norafida Binti Ithnin

DOI: https://doi.org/10.48550/arXiv.1309.0189

2013-09-01

Computers and Society

Abstract:Information sharing in organization has been considered as an important approach in increasing organizational efficiency, performance and decision making. With the present and advances in information and communication technology, sharing information and exchanging of data across organizations has become more feasible in organization. However, information sharing has been a complex task over the years and identifying factors that influence information sharing across organization has becomes crucial and critical. Researchers have taken several methods and approaches to resolve problems in information sharing at all levels without a lasting solution, as sharing is best understood as a practice that reflects behavior, social, economic, legal and technological influences. Due to the limitation of the conventional ISM3 standards to address culture, social, legislation and human behavior, the findings in this paper suggest that, a centralized information structure without human practice, distribution of information and coordination is not effective. This paper reviews the previous information sharing research, outlines the factors affecting information sharing and the different practices needed to improve the management of information security by recommending several combinations of information security and coordination mechanism for reducing uncertainty during sharing of information .This thesis proposes information security management protocol (ISMP) as an enhancement towards ISM3 to resolve the above problems. This protocol provides a means for practitioners to identify key factors involved in successful information sharing.....

Cataldo Basile,Bjorn De Sutter,Daniele Canavese,Leonardo Regano,Bart Coppens

DOI: https://doi.org/10.48550/arXiv.2303.15033

2023-03-27

Abstract:The last years have seen an increase in Man-at-the-End (MATE) attacks against software applications, both in number and severity. However, software protection, which aims at mitigating MATE attacks, is dominated by fuzzy concepts and security-through-obscurity. This paper presents a rationale for adopting and standardizing the protection of software as a risk management process according to the NIST SP800-39 approach. We examine the relevant constructs, models, and methods needed for formalizing and automating the activities in this process in the context of MATE software protection. We highlight the open issues that the research community still has to address. We discuss the benefits that such an approach can bring to all stakeholders. In addition, we present a Proof of Concept (PoC) decision support system that instantiates many of the discussed construct, models, and methods and automates many activities in the risk analysis methodology for the protection of software. Despite being a prototype, the PoC's validation with industry experts indicated that several aspects of the proposed risk management process can already be formalized and automated with our existing toolbox and that it can actually assist decision-making in industrially relevant settings.

Software Engineering,Cryptography and Security

Ashleigh Brady,Neelam Naikar

DOI: https://doi.org/10.1080/00140139.2021.2005823

IF: 2.5612

Ergonomics

Abstract:Besides radically altering work, advances in automation and intelligent technologies have the potential to bring significant societal transformation. These transitional periods require an approach to analysis and design that goes beyond human-machine interaction in the workplace to consider the wider sociotechnical needs of envisioned work systems. The Sociotechnical Influences Space, an analytical tool motivated by Rasmussen's risk management model, promotes a holistic approach to the design of future systems, attending to societal needs and challenges, while still recognising the bottom-up push from emerging technologies. A study explores the concept and practical potential of the tool when applied to the analysis of a large-scale, 'real-world' problem, specifically the societal, governmental, regulatory, organisational, human, and technological factors of significance in mixed human-artificial agent workforces. Further research is needed to establish the feasibility of the tool in a range of application domains, the details of the method, and the value of the tool in design. Practitioner summary: Emerging automation and intelligent technologies are not only transforming workplaces, but may be harbingers of major societal change. A new analytical tool, the Sociotechnical Influences Space, is proposed to support organisations in taking a holistic approach to the incorporation of advanced technologies into workplaces and function allocation in mixed human-artificial agent teams.