The Design of Messages to Improve Cybersecurity Incident Reporting

被引：5

作者：

Briggs, Pam ^{[1
]}

Jeske, Debora ^{[2
]}

Coventry, Lynne ^{[1
]}

机构：

[1] Northumbria Univ, Newcastle Upon Tyne, Tyne & Wear, England

[2] Univ Coll Cork, Cork, Ireland

来源：

HUMAN ASPECTS OF INFORMATION SECURITY, PRIVACY AND TRUST (HAS 2017) | 2017年 / 10292卷

基金：

英国工程与自然科学研究理事会;

关键词：

Security; User behavior; Incident reporting; Behavior change; Protection; motivation theory; Social loafing; PROTECTION MOTIVATION; TASKS;

D O I：

10.1007/978-3-319-58460-7_1

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Cybersecurity suffers from the problem of poor incident reporting. We explored message influences on incident reporting rate. Participants were presented with messages that differed in terms of (i) whether the problem was framed as a technical or a security issue and (ii) the perceived beneficiaries of making a report (benefit to the user, to others vs. no benefit message). Participants were more likely to report a problem if so doing implied some benefit to self, where making the problem more personally relevant might act to reduce social loafing in group settings. They were also more likely to report a technical rather than a security problem and qualitative data suggested that users were sometimes suspicious of messages reporting a security incident - believing that the message itself might be a cybersecurity attack. The findings provide starting points for future research aimed at improving incident reporting.

引用

页码：3 / 13

页数：11

共 50 条

[1] Cybersecurity incident reporting laws in the Asia Pacific
Nicholas Seng
International Cybersecurity Law Review, 2023, 4 (3): : 325 - 346
[2] Enabling Cybersecurity Incident Reporting and Coordinated Handling for Maritime Sector
Silverajan, Bilhanan
Vistiaho, Petteri
2019 14TH ASIA JOINT CONFERENCE ON INFORMATION SECURITY (ASIAJCIS 2019), 2019, : 88 - 95
[3] Can incident reporting improve safety? Healthcare practitioners views of the effectiveness of incident reporting
Anderson, Janet E.
Kodate, Naonori
Walters, Rhiannon
Dodds, Anneliese
INTERNATIONAL JOURNAL FOR QUALITY IN HEALTH CARE, 2013, 25 (02) : 141 - 150
[4] Banning ransomware payments: unintended effects on cybersecurity investment and incident reporting
Masaki Iwasaki
International Cybersecurity Law Review, 2025, 6 (1): : 17 - 27
[5] Evaluating incident reporting in cybersecurity. From threat detection to policy learning
Busetti, Simone
Scanni, Francesco Maria
GOVERNMENT INFORMATION QUARTERLY, 2025, 42 (01)
[6] Refining the Mandatory Cybersecurity Incident Reporting Under the NIS Directive 2.0: Event Types and Reporting Processes
Schmitz-Berndt, Sandra
PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CYBERSECURITY, SITUATIONAL AWARENESS AND SOCIAL MEDIA, CYBER SCIENCE 2022, 2023, : 343 - 351
[7] Cybersecurity incident response
Garzón, Fabian
ISACA Journal, 2020, 4 : 49 - 54
[8] Defining the reporting threshold for a cybersecurity incident under the NIS Directive and the NIS 2 Directive
Schmitz-Berndt, Sandra
JOURNAL OF CYBERSECURITY, 2023, 9 (01):
[9] Impact of Cybersecurity and AI's Related Factors on Incident Reporting Suspicious Behaviour and Employees Stress: Moderating Role of Cybersecurity Training
Muthuswamy, Vimala Venugopal
Esakki, Suresh
INTERNATIONAL JOURNAL OF CYBER CRIMINOLOGY, 2024, 18 (01): : 83 - 107
[10] Video intervention to improve incident reporting among medical trainees
Valery, Jose
Helmi, Haythem
Spaulding, Aaron
Che, Xinxuang
Prada, Gabriel
Pareja, Natalia Chamorro
Moreno-Franco, Pablo
Stancampiano, Fernando F.
BMJ OPEN QUALITY, 2019, 8 (04)

← 1 2 3 4 5 →