The Five Pillars of a Cognitive Risk Framework—Part II. Issue 6 (1st December 2016)
- Record Type:
- Journal Article
- Title:
- The Five Pillars of a Cognitive Risk Framework—Part II. Issue 6 (1st December 2016)
- Main Title:
- The Five Pillars of a Cognitive Risk Framework—Part II
- Authors:
- Bone, James
- Abstract:
- The purpose of this study is to develop the first cognitive risk framework for cybersecurity to address two narrative arcs in cyber warfare: the rise of the "hacker" as an industry and the "cybersecurity paradox", namely why billions spent on cybersecurity fail to address semantic cyberattacks. Semantic cyberattacks, also known as social engineering, manipulate human users' perceptions and interpretation of computer-generated data to obtain non-public confidential data. The cyber battleground has shifted from an attack on hard assets to a much softer target: the human mind. If human behavior is the new and last "weakest link" in the cybersecurity armor, is it possible to build cognitive defenses at the intersection of human-machine interactions? The answer is yes, but the change that is needed requires a new way of thinking about security, data governance and strategy. The concepts referenced in the Cognitive Risk Framework for Cybersecurity (CRFC) are drawn from a large body of research in multidisciplinary topics. Cognitive risk management is a sister discipline of a parallel body of science called Cognitive Informatics Security or CogSec. It is also important to point out as the creator of the CRFC, the principles and practices prescribed herein are borrowed from cognitive informatics security, machine learning, artificial intelligence (AI), and behavioral and cognitive science, among just a few that are still evolving. The Cognitive Risk Framework for Cybersecurity revolves around five pillars: Intentional Controls Design, Cognitive Informatics Security, Cognitive Risk Governance, Cybersecurity Intelligence and Active Defense Strategies and Legal "Best Efforts" considerations in Cyberspace. Complete text of "Cognitive Hack: The New Battleground in Cybersecurity … the Human Mind" is available here: https://www.crcpress.com/Cognitive-Hack-The-New-Battleground-in-Cybersecurity–the-Human-Mind/Bone/p/book/9781498749817
- Is Part Of:
- EDPACS. Volume 54:Issue 6(2016)
- Journal:
- EDPACS
- Issue:
- Volume 54:Issue 6(2016)
- Issue Display:
- Volume 54, Issue 6 (2016)
- Year:
- 2016
- Volume:
- 54
- Issue:
- 6
- Issue Sort Value:
- 2016-0054-0006-0000
- Page Start:
- 1
- Page End:
- 16
- Publication Date:
- 2016-12-01
- Subjects:
- Electronic data processing -- Auditing -- Periodicals
Computers -- Access control -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.8
- Journal URLs:
- http://www.tandfonline.com/toc/uedp20/current
http://www.tandfonline.com/
- DOI:
- 10.1080/07366981.2016.1257219
- Languages:
- English
- ISSNs:
- 0736-6981
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3661.115000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 412.xml