The knowledge and attitude of an individual, a group of people, or an organization toward the protection of its assets (physical, information, economic).
Published in Chapter:
Security Awareness in the Internet of Everything
Viacheslav Izosimov (Semcon Sweden AB, Sweden) and Martin Törngren (KTH Royal Institute of Technology, Sweden)
Copyright: © 2019
Pages: 30
DOI: 10.4018/978-1-5225-7332-6.ch012
Abstract
Our societal infrastructure is transforming into a connected cyber-physical system of systems, providing numerous opportunities and new capabilities, yet also posing new and reinforced risks that require explicit consideration. This chapter addresses risks specifically related to cyber-security. One contributing factor, often neglected, is the level of security education of the users. Another factor, often overlooked, concerns the security awareness of the engineers developing cyber-physical systems. The authors present results of interviews with developers and surveys showing that an increase in security awareness and understanding of security risks, evaluated as low, are the first steps to mitigate the risks. The authors also conducted a practical evaluation investigating system connectivity and vulnerabilities in complex multi-step attack scenarios. This chapter advocates that security awareness of users and developers is the foundation for the deployment of interconnected systems of systems, and provides recommendations for steps forward, highlighting the roles of people, organizations and authorities.