Information and Computer Security: Volume 32 Issue 2

Applying the Goal, Question, Metric method to derive tailored dynamic cyber risk metrics

Miguel Calvo, Marta Beltrán

This paper aims to propose a new method to derive custom dynamic cyber risk metrics based on the well-known Goal, Question, Metric (GQM) approach. A framework that complements it…

Exploring the role of assurance context in system security assurance evaluation: a conceptual model

Shao-Fang Wen, Basel Katt

Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in…

Determining cybersecurity culture maturity and deriving verifiable improvement measures

Peter Dornheim, Ruediger Zarnekow

The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated…

Informational inequality: the role of resources and attributes in information security awareness

Gregory Lyon

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is…

Organizational perspectives on converged security operations

Herbert Mattord, Kathleen Kotwica, Michael Whitman, Evan Battaglia

The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises.

Human factors and cyber-security risks on the railway – the critical role played by signalling operations

Eylem Thron, Shamal Faily, Huseyin Dogan, Martin Freer

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at…