Integrating Human Factors into Data-driven Threat Management for Overall Security Enhancement

Abstract: Human and other non-technological issues are often overlooked, which directly and indirectly contributing to many successful cyber attacks, including DoS, social engineering, download-driven attacks, and more. Considering human issues as causes for internal threats and weaknesses, a deeper understanding of these factors is essential for overall security enhancement. Therefore, organizations of all sizes need to ensure a broad range of knowledge, skills, and awareness among all user levels, from individual end-users to security practitioners. However, this task is challenging due to the evolving nature of business, systems, and threat contexts. To address this challenge, our research represents a significant advancement in holistic and comprehensive threat assessments, surpassing existing practices by considering pertinent human factors. Our approach views humans as potential weaknesses or threats, influenced by various factors. Specifically, it incorporates key human elements, such as motivation, knowledge, context, and privilege, into the threat management process to enhance overall security. These factors are systematically classified and interconnected, facilitating the identification of weaknesses and threats posed by humans within the system context. For example, depending on the context, privilege can be categorized into three levels: organizational, departmental, and unprivileged, with end-user privileges falling into these classifications. Knowledge, as a human factor in this approach, is differentiated into technological and security awareness. Our proposed approach extends data-driven threat modeling by integrating human factors to identify and assess threats related to these factors. We present a conceptual model that combines human factors with cybersecurity concepts, including data, assets, threats, weaknesses, and controls, to assess and manage threats associated with human factors and evaluated from both insider weaknesses and threat perspectives. This contributes significantly to overall security enhancement, including improving the accuracy of threat assessments, identifying new threats, and developing more effective threat mitigation strategies.

Keywords: Threat Management, Insider Threat, Vulnerabilities, Human Factors, Context, Knowledge

DOI: 10.54941/ahfe1004778

Cite this paper:

​