Conference item
Practitioners’ views on cybersecurity control adoption and effectiveness
- Abstract:
- Cybersecurity practitioners working in organisations implement risk controls aiming to improve the security of their systems. Determining prioritisation of the deployment of controls and understanding their likely impact on overall cybersecurity posture is challenging, yet without this understanding there is a risk of implementing inefficient or even harmful security practices. There is a critical need to comprehend the value of controls in reducing cyber-risk exposure in various organisational contexts, and the factors affecting their usage. Such information is important for research into cybersecurity risk and defences, for supporting cybersecurity decisions within organisations, and for external parties guiding cybersecurity practice such as standards bodies and cyber-insurance companies. Cybersecurity practitioners possess a wealth of field knowledge in this area, yet there has been little academic work collecting and synthesising their views. In an attempt to highlights trends and a range of wider organisational factors that impact on a control’s effectiveness and deployment, we conduct a set of interviews exploring practitioners’ perceptions. We compare alignment with the recommendations of security standards and requirements of cyber-insurance policies to validate findings. Although still exploratory, we believe this methodology would help in identifying points of improvement in cybersecurity investment, describing specific potential benefits.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Actions
Access Document
- Files:
-
-
(Preview, Version of record, 699.8KB, Terms of use)
-
- Publisher copy:
- 10.1145/3465481.3470038
Authors
- Publisher:
- Association for Computing Machinery
- Host title:
- Proceedings of the International Workshop on Information Security Methodology and Replication Studies
- Article number:
- 91
- Publication date:
- 2021-08-17
- Acceptance date:
- 2021-06-07
- Event title:
- International Workshop on Information Security Methodology and Replication Studies
- Event location:
- Online
- Event website:
- https://www.ares-conference.eu/workshops/iwsmr-2021/
- Event start date:
- 2021-08-17
- Event end date:
- 2021-08-20
- DOI:
- ISBN:
- 978-1-4503-9051-4
- Language:
-
English
- Keywords:
- Pubs id:
-
1186928
- Local pid:
-
pubs:1186928
- Deposit date:
-
2021-07-19
Terms of use
- Copyright holder:
- Axon et al.
- Copyright date:
- 2021
- Rights statement:
- © 2021 Copyright held by the owner/author(s). This work is licensed under a Creative Commons Attribution International 4.0 License.
- Notes:
- This paper was presented at the 16th International Workshop on Information Security Methodology and Replication Studies (ARES 2021), 17th-20th August 2021.
- Licence:
- CC Attribution (CC BY)
If you are the owner of this record, you can report an update to it here: Report update to this record