This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of the social, technical and environmental factors affecting security practices.

Design/methodology/approach: The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced.

Findings: The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment.

Practical implications: This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation.

Originality/value: The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.
Information and Computer Security – Emerald Publishing
Published: May 28, 2019
Keywords: Information security; Security; Modelling