This paper discusses the role of humans as “smart components” in a system, emphasizing that their autonomy must be respected and incentives should be provided to induce desired behavior. The authors argue that a misalignment of incentives can often lead to system vulnerabilities that can be exploited by attackers. The paper introduces incentive-centered design as a tool to understand and address these problems, providing design principles to mitigate them. The authors provide several examples of security problems that could benefit from incentive-centered design and elaborate on a general screening model that offers strong design principles for a class of security problems.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Evaluating the awareness of security among users plays a critical role in safeguarding Industrial Control Systems...