Evripidou, Stefanos;
Ani, Uchenna D;
Watson, Jeremy D Mck;
Hailes, Stephen;
(2022)
Security Culture in Industrial Control Systems Organisations: A Literature Review.
In: Clarke, N and Furnell, S, (eds.)
International Symposium on Human Aspects of Information Security and Assurance HAISA 2022: Human Aspects of Information Security and Assurance.
(pp. pp. 133-146).
Springer, Cham
Preview |
Text
Evripidou_HAISA_final_Evripidou.pdf - Accepted Version Download (289kB) | Preview |
Abstract
Industrial control systems (ICS) are a key element of a country’s critical infrastructure, which includes industries like energy, water, and transport. In recent years, an increased convergence of operational and information technology has been taking place in these systems, increasing their cyber risks, and making security a necessity. People are often described as one of the biggest security risks in ICS, and historic attacks have demonstrated their role in facilitating or deterring them. One approach to enhance the security of organisations using ICS is the development of a security culture aiming to positively influence employees’ security perceptions, knowledge, and ultimately, behaviours. Accordingly, this work aims to review the security culture literature in organisations which use ICS and the factors that affect it, to provide a summary of the field. We conclude that the factors which affect security culture in ICS organisations are in line with the factors discussed in the general literature, such as security policies and management support. Additional factors related to ICS, such as safety culture, are also highlighted. Gaps are identified, with the limited research coverage being the most prominent. As such, proposals for future research are offered, including the need to conduct research with employees whose roles are not security related.
| Type: | Proceedings paper |
|---|---|
| Title: | Security Culture in Industrial Control Systems Organisations: A Literature Review |
| Event: | 16th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance (HAISA) |
| Location: | Mytilene, GREECE |
| Dates: | 6 Jul 2022 - 8 Jul 2022 |
| ISBN-13: | 978-3-031-12171-5 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1007/978-3-031-12172-2_11 |
| Publisher version: | https://doi.org/10.1007/978-3-031-12172-2_11 |
| Language: | English |
| Additional information: | Industrial control systems, ICS, Cybersecurity, Security culture, Critical infrastructure, Human factors, Operational technologies, OT |
| Keywords: | Computer Science, Computer Science, Information Systems, Computer Science, Software Engineering, Critical infrastructure, Cybersecurity, CYBERSECURITY, Human factors, ICS, Industrial control systems, Operational technologies, OT, Science & Technology, Security culture, Technology |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10170047 |
Archive Staff Only
 |
View Item |
