ABSTRACT

The requirement for the consistent performance of good security practice implies the need for a substantive and well-documented means to ensure proper Human Security discipline. That discipline must guarantee that the required Organizational Security practices are consistently and reliably performed. Thus, cybersecurity in the human realm is built around the systematic execution of pre-designated tasks. These tasks are chosen to mitigate a given threat. Therefore, the consistent execution of those tasks is essential to ensure continuous protection. Given the requirement for consistency, the designated cybersecurity procedure must be performed in a coordinated fashion by every member of the organization, at all times. Accordingly, one of the first conditions for establishing a systematic Human Security process is to precisely define the practices that are intended for each of the organizational roles that either access information or manage the process.

The challenge that cybersecurity professionals face is that humans do not behave rationally or predictably. That is due to human variability. Technology is generally reliable, and if it is properly installed and operated correctly, it will consistently do what it was designed to do. So, it is possible to model and predict its outcomes. But that isn't even close to the case with human beings. The current field of cybersecurity is essentially computer-oriented, and thus, the foibles of basic human behavior are more or less a mystery to a profession that focuses almost entirely on devising discrete technological processes. But it's a given that every credible threat has to be countered. So, substantive measures that can be proven capable of ensuring proper human behavior have to be designed and added to the overall cybersecurity function. That is the extremely valuable and innovative role of the Human Security knowledge area.

In this chapter, the reader will learn about the fundamental elements of the Human Security knowledge area as well as understand the importance of Human Security in the cybersecurity process. This chapter will explore the challenges that human behavior represents in formulating a secure process as well as the knowledge elements of the Access Control knowledge unit. Human-specific areas of threat, such as social engineering; education, training, and awareness; and compliance, will also be explored. Finally, the important aspect of privacy will be discussed.