Litteraturöversikt av samspelet mellan människa, teknik och organisation för IT-säkerhet


  • Peter Svenmarck

Publish date: 2017-05-09

Report number: FOI-R--4425--SE

Pages: 39

Written in: Swedish


  • cyber security
  • task analysis
  • personnel management
  • situation awareness
  • intrusion detection
  • visualisation
  • usability
  • game theory
  • policy compliance
  • security awareness
  • security culture
  • authentication
  • phishing
  • insider threat


With the increased use of communication and information technologies, antagonists try access and affect these information flows. Information systems are especially vulnerable for such attacks due to rapid threat development, many access points, and large information flows. Traditionally, cyber security research has mainly focused on technical protection. However, there is a growing amount of research about of how cyber security is created in the integration of organisational processes, technical protection, and personnel. The report describes a literature review of human systems integration for cyber security. The literature review summarises typical research topics and available results. The literature selection was limited to searches on Google Scholar, recent conferences, and recommendations from other researchers. Of about 500 identified publications, the literature review summarises 93. The literature review shows that the available literature about attackers is rather limited. Some studies describe how attackers create complex mental models to exploit weaknesses that the defenders do not expect. The available literature about defenders is more comprehensive. For example, the literature describes the task complexity for cyber security practitioners. Typical cyber security tasks encompass analysis, advice, and audit of cyber security in collaboration with many stakeholders. An important task is development of the cyber security policy. However, cyber security practitioners often do not have sufficient knowledge about the work processes to develop a truly usable policy. Further, intrusion detection is an important function to detect unauthorised access. Here, analysts use their situated knowledge about the network to determine which alerts from intrusion detection systems that indicate actual attacks. Existing tools for analysis of intrusions usually consist of textual search functions where operators can test their hypotheses in a flexible way. Further, users are responsible for not unnecessarily creating vulnerabilities. Users respect for the cyber security policy depends on both individual and organisational factors. Some individual factors are attitudes, norms, self-efficacy, and understanding of the cyber security policy. Some organisational factors are management support for cyber security, which affects the cyber security culture. Additionally, users are overall poor at detecting phishing since it utilises learned heuristics for managing e-mail, which means that detailed examinations are seldom performed. Finally, the report provides some recommendations for future studies of attackers, defenders, and users.