Abstract
Organisations craft and disseminate security policies, encoding the actions they want employees to take to preserve and protect organisational information resources. They engage in regular cybersecurity awareness and training drives to ensure that employees know what to do, and how to do it. Despite these efforts, employees make mistakes or do not comply with policy dictates, triggering cybersecurity incidents. The reality is that whereas cyber professionals propose, human nature disposes.
In addressing this kind of conundrum, researchers suggest that it could be beneficial to learn from the established practices of other domains that also grapple with erratic human behaviours.
This seems reasonable, given that cybersecurity is a relatively young field, and not yet particularly successful in accommodating human nature and fallibility, whereas other fields have years of experience coping with these kinds of problems. Here, we consider learning from religions, which have been around for millennia. The one aspect that all understand is human nature, and the tendency of humans to make mistakes and behave ill-advisedly, sometimes despite knowing better. Religions have developed a number of practices to accommodate human frailties, and to care for their adherents. This might well be a fruitful domain for cybersecurity professionals to learn from, in terms of harnessing effective mechanisms to encourage secure behaviours.
To this end, we explored the literature on religions, and interviewed a number of religious leaders to produce a `vision for cybersecurity'. The vision was evaluated by cybersecurity professionals, its target audience. We provide our vision here, in the hope that it will launch a debate into a more equitable new era of `best practice' in the cybersecurity domain.
In addressing this kind of conundrum, researchers suggest that it could be beneficial to learn from the established practices of other domains that also grapple with erratic human behaviours.
This seems reasonable, given that cybersecurity is a relatively young field, and not yet particularly successful in accommodating human nature and fallibility, whereas other fields have years of experience coping with these kinds of problems. Here, we consider learning from religions, which have been around for millennia. The one aspect that all understand is human nature, and the tendency of humans to make mistakes and behave ill-advisedly, sometimes despite knowing better. Religions have developed a number of practices to accommodate human frailties, and to care for their adherents. This might well be a fruitful domain for cybersecurity professionals to learn from, in terms of harnessing effective mechanisms to encourage secure behaviours.
To this end, we explored the literature on religions, and interviewed a number of religious leaders to produce a `vision for cybersecurity'. The vision was evaluated by cybersecurity professionals, its target audience. We provide our vision here, in the hope that it will launch a debate into a more equitable new era of `best practice' in the cybersecurity domain.
Original language | English |
---|---|
Article number | 103326 |
Number of pages | 19 |
Journal | Computers and Security |
Volume | 132 |
Early online date | 29 Jun 2023 |
DOIs | |
Publication status | Published - 30 Sept 2023 |
Keywords
- cybersecurity
- religion
- security policies
- human behaviour