Cyber risk assessment standards and methodologies do not consider psychological, social and behavioural parameters in their classifications of the attackers’ types, profiles, and competencies. In this paper, we present a holistic, multidimensional approach to examine the likelihood for an attackers’ behaviour to occur by considering all influential factors (e.g., technical, social, behavioural, psychological). Furthermore, the quantification of the attackers’ behaviours may lead to better estimate attacks’ potential.
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...