The human factor is widely recognized as the first threat to information systems security (ISS). ISS research thus points to the problem of user behavior, which is overwhelmingly represented as a fallibility that is supposedly part of the user's nature. On this view, companies have no choice but to anticipate these behaviors in order to reinforce the security of the information system. However, despite all the collective legitimacy contributing to the “normal” evolution of this field of research, could we think about this problem differently? We therefore conducted a critical review of the literature on the human factor in information system security publications over 31 years (between 1989 and 2020). Our results describe in detail a normal science that has developed and deepened our knowledge of human behavior in order to protect an information system. We discovered that this main body of knowledge production shares structural epistemic and moral assumptions.