The security mindset: characteristics, development, and consequences. Issue 1 (2nd May 2023)
- Record Type:
- Journal Article
- Title:
- The security mindset: characteristics, development, and consequences. Issue 1 (2nd May 2023)
- Main Title:
- The security mindset: characteristics, development, and consequences
- Authors:
- Schoenmakers, Koen
Greene, Daniel
Stutterheim, Sarah
Lin, Herbert
Palmer, Megan J - Abstract:
- Abstract: The world is facing a cybersecurity skills gap as cybercrime and cyberwarfare grow in importance. One often-discussed quality that is potentially relevant to cybersecurity recruitment and education is the so-called "security mindset": a way of thinking characteristic of some security professionals that they believe to be especially advantageous in their work. Although some employers express a desire to hire people with a security mindset, and initiatives to cultivate the security mindset are being implemented, it has no common definition and little is known about its characteristics, its development, and its consequences. We interviewed 21 cybersecurity professionals who strongly identified as having a security mindset based on a minimal description drawn from existing literature. Thematic analysis of the interview data suggests that the security mindset can be conceptualized as consisting of three interconnected aspects—"monitoring" for potential security anomalies, "investigating" anomalies more deeply to identify security flaws, and "evaluating" the relevance of those flaws in a larger context. These three aspects develop in different ways and have different personal and professional consequences. Participants mostly spoke positively of the security mindset, but they also mentioned several disadvantages not mentioned by existing security-mindset literature, such as mental health pressures, workplace tensions, and negative effects on personal relationships. WeAbstract: The world is facing a cybersecurity skills gap as cybercrime and cyberwarfare grow in importance. One often-discussed quality that is potentially relevant to cybersecurity recruitment and education is the so-called "security mindset": a way of thinking characteristic of some security professionals that they believe to be especially advantageous in their work. Although some employers express a desire to hire people with a security mindset, and initiatives to cultivate the security mindset are being implemented, it has no common definition and little is known about its characteristics, its development, and its consequences. We interviewed 21 cybersecurity professionals who strongly identified as having a security mindset based on a minimal description drawn from existing literature. Thematic analysis of the interview data suggests that the security mindset can be conceptualized as consisting of three interconnected aspects—"monitoring" for potential security anomalies, "investigating" anomalies more deeply to identify security flaws, and "evaluating" the relevance of those flaws in a larger context. These three aspects develop in different ways and have different personal and professional consequences. Participants mostly spoke positively of the security mindset, but they also mentioned several disadvantages not mentioned by existing security-mindset literature, such as mental health pressures, workplace tensions, and negative effects on personal relationships. We discuss the implications of these findings for future study of the security mindset and suggest practical implications for cybersecurity management, education, and recruitment. … (more)
- Is Part Of:
- Journal of cybersecurity. Volume 9:Issue 1(2023)
- Journal:
- Journal of cybersecurity
- Issue:
- Volume 9:Issue 1(2023)
- Issue Display:
- Volume 9, Issue 1 (2023)
- Year:
- 2023
- Volume:
- 9
- Issue:
- 1
- Issue Sort Value:
- 2023-0009-0001-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-05-02
- Subjects:
- security mindset -- cybersecurity -- management -- awareness -- psychology -- cyberpsychology -- motivation -- culture
Computer security -- Periodicals
Computer networks -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://cybersecurity.oxfordjournals.org/ ↗
http://www.oxfordjournals.org/ ↗ - DOI:
- 10.1093/cybsec/tyad010 ↗
- Languages:
- English
- ISSNs:
- 2057-2093
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 27084.xml