Human Factors

Information Security, Personality, and Justifications for Norm Violation


Human factors account for 27% of data breaches on the global scale. Even with clear and often strict policies in place, employees are often considered to be the weakest link in the field of Information Security (IS. This paper seeks to find one explanation for this phenomenon in military context by exploring military cadets’ personalities, as well as their reasons and justifications for using neutralisation techniques in order to deviate from organisational IS regulations. The results of this paper emphasise that a more personalised approach to IS education could be useful.

A Context-Centred Research Approach to Phishing and Operational Technology in Industrial Control Systems


Advanced persistent threats that leverage phishing against OT are cyberattacks that endanger critical infrastructure assets nationwide. Today phishing, a human focused exploit, constitutes 91%  of successful attack vectors against federal assets. This means Human-Introduced Cyber Vulnerabilities (HICV) are the weakest cyber link. The success of these attacks also suggests HICV are neither well understood nor mitigated. To characterise HICV and provide the necessary context in which they exist, this paper introduces a research approach derived from the mature sci-ence of social ecology. The desired end result of this research is an HICV-focused risk assessment framework.

Understanding Operator Fatigue, Frustration, and Cognitive Workload in Tactical Cybersecurity Operations


While the human factors of mission critical systemd weapons systems have been extensively studied, there has been little work on cyber operations. As with any system, the perfect storm of complex tasks in a high-risk environment takes an incredible toll on human operators, leading to errors, decreased performance, and burnout. An extensive studtacticaly of  cyber operations at the National Security Agency found that operator fatigue,  frustration,  and  cognitive  workload  significantly  increase  over  the  course  of  an operation. A discussion of these findings helps us understand the impact that the high-stress, high-risk environment of tactical cyber operations has on its ops such as air traffic control anerators.

The Importance of Human Factors when Assessing Outsourcing Security Risks


The word is becoming increasingly interconnected and ways of doing business are evolving rapidly. Communications technology is ubiquitous and reliable and businesses are continuously seeking ways in which systems can be exploited to improve resilience, become more efficient and reduce costs. One way in which organisations seek to achieve this is by concentrating their efforts on core business processes and outsourcing non-core functions. However, outsourcing - and particularly off-shoring - presents many security issues that must be considered throughout the lifetime of contracts. The scale of outsourcing and increasing technological and security complexity is making this task more difficult. Often neglected, or given low priority, are factors relating to the people who will be working on the contract. These factors will be driven by regional and cultural differences and will manifest themselves in differing security threat and risk profiles and risk management frameworks must be designed to recognise and cater for these variations.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.










Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.


Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
  • 757.871.3949