The Journal of Cognitive Engineering and Decision Making welcomes submissions for a special issue on cybersecurity decision making. The security of computing systems and networks affects many aspects of life. Confidentiality, integrity, and availability of information systems impact people’s personal lives, work environments, critical infrastructure, government services, and military operations. Because information systems are interconnected, security decisions made on a personal workstation or workplace system can have direct or cascading effects elsewhere. This special issue of JCEDM will focus on the role of human decision making in cybersecurity: decision processes, approaches to measuring decision outcomes, and methods for improving the effectiveness of cybersecurity decisions.
To date, work on cyber decision making has focused primarily on defensive technical staff, who monitor for abnormalities in computing systems and networks and decide how to prevent or respond to security incidents. Others who make cybersecurity decisions have not been studied to the same degree. For example, managers such as the chief information security officer make strategic decisions that consider security risks, policies, resource investments, and the impact of a security breach. Individual users, such as office workers, students, and soldiers, regularly make security decisions about password use, personal firewalls, and policy compliance. Although most such users don’t realize the impact of their decisions, those decisions directly affect the security posture of the work environment and influence attackers’ exploitation strategies.
This special issue of JCEDM focuses on the state of the art, research results, and open research issues related to the human decision process in both defensive and offensive cybersecurity operations and by various types of decision makers (e.g., users, technical specialists, and security managers). Special emphasis is on studies, analyses, and research based on real-world observations rather than on decontextualized laboratory studies. Topics of interest include, but are not limited to,
Cognitive task analyses, work analyses, and field research specific to cyber situation awareness and cybersecurity decision making
- Models of cybersecurity decision processes, both defensive and offensive
- Similarities and differences in decision making of users, technical cyber analysts, and security managers
- Data sources and metrics used by cybersecurity decision makers and the reliability and validity of those data sources and metrics
- Measures of effectiveness and impact of cybersecurity decisions
- Methods of collaborative decision making in cybersecurity operations
- Technologies and techniques to enhance the rapid acquisition of cybersecurity decision-making skills or the effectiveness of cybersecurity decisions
- How risk assessment is used in various cyber decision making
- The role of cyber economics in cybersecurity decision making
- The role of usability in cybersecurity decision making
- Empirical analyses of how system designs affect cybersecurity situation awareness and decisions.
Commensurate with the scope and vision of JCEDM, submissions should emphasize the human contribution to cybersecurity, whether by modeling human activity and cognition directly or by designing the technologies, infrastructure, operational procedures, or work practices that support human performance. Thus, submissions to this special issue should demonstrate a reasonable understanding of the relevant human factors literature. They may also identify where further fundamental human factors research is required in the laboratory to support and inform the messy complexities of real operations.
Coauthorship by cybersecurity practitioners is strongly encouraged to provide real-world grounding of the work. Papers related to areas of cybersecurity beyond network defense, and to the business decisions related to cybersecurity, are also encouraged.
Full articles must be submitted online at http://mc.manuscriptcentral.com/jcedm by June 1 and comply with the guidelines in the Instructions for Authors (http://www.hfes.org/web/pubpages/jcedminsauthors.html) Prior to submitting a manuscript, authors are welcome to correspond directly with the guest editors (see below) or Editor-in-Chief Amy Pritchett (firstname.lastname@example.org) to discuss the potential submission.
There is no fixed page requirement; authors should properly describe the attributes of the task and domain to illustrate important determinants of human behavior and to document system developments and results of experiments, observations, or evaluations. Nevertheless, submissions will also be evaluated for their succinctness and appropriate brevity. Publication of the special issue is expected in December 2014.