Designing an AI-Driven Framework for Human-Centered Cybersecurity Practices

Open Access
Article
Conference Proceedings
Authors: Kitty Kioskli, Pedro Tomas, Wissam Mallouli, Joao Fernandes, Dimitris Koutras, Luis Cordeiro, Dimitrios Kallergis
Abstract

Cybersecurity systems are often fragmented and difficult to navigate, leaving organisations, particularly small and medium-sized enterprises (SMEs), struggling to implement effective, human-centered, and resilient security practices. End users face dispersed resources, complex regulatory requirements, and limited practical guidance, resulting in uneven levels of preparedness and cyber hygiene. These gaps undermine decision-making, organisational resilience, and the effectiveness of certification and compliance processes. To address these challenges, the paper proposes a holistic, conceptual framework that integrates human-centered principles with explainable artificial intelligence (AI) and system-level collaboration. Drawing on established approaches in human-centered security, privacy-by-design, resilience engineering, regulatory science, and AI-driven decision support, the framework aligns with the European Cybersecurity Skills Framework (ECSF). It synthesises insights from cross-sector analyses, socio-technical modelling, and European cybersecurity initiatives that emphasise interoperability and human factors. The framework is structured around five interconnected components: (i) a human-centered decision-support layer using explainable AI; (ii) a harmonised catalogue of cybersecurity, training, and regulatory resources; (iii) an interoperability and collaboration layer enabling structured, machine-readable information exchange; (iv) an adaptive learning and training component aligned with behavioural and competency models; and (v) a trust-by-design compliance engine supporting certification and conformity assessment. The analysis shows that combining human factors with explainable AI produces clearer, more actionable guidance while reducing cognitive and operational burden. Interoperability and collaboration mechanisms help overcome fragmentation, while adaptive learning pathways tailor support to skill levels and organisational maturity.
Overall, the framework reframes cybersecurity as a socio-technical system shaped by people, regulation, and collaboration. Future work will empirically validate the framework across diverse organisational contexts to assess its practical impact.

Keywords: Human-centered Cybersecurity, Explainable AI, Socio-technical Systems, Cyber Resilience, Certification Processes, Behavioural Cybersecurity, Adaptive Training, Collaborative Frameworks

DOI: 10.54941/ahfe1007417

View all articles in Human Factors in Cybersecurity