{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T10:40:53Z","timestamp":1779100853708,"version":"3.51.4"},"reference-count":131,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2021,6,11]],"date-time":"2021-06-11T00:00:00Z","timestamp":1623369600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,6,11]],"date-time":"2021-06-11T00:00:00Z","timestamp":1623369600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100007601","name":"Horizon 2020","doi-asserted-by":"publisher","award":["740322"],"award-info":[{"award-number":["740322"]}],"id":[{"id":"10.13039\/501100007601","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cogn Tech Work"],"published-print":{"date-parts":[[2022,5]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users\u2019 cognitive characteristics, needs and motivations. This paper presents a holistic\/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top\u2013down and bottom\u2013up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations\u2019 management and employees, The results show that\u00a0a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.<\/jats:p>","DOI":"10.1007\/s10111-021-00683-y","type":"journal-article","created":{"date-parts":[[2021,6,11]],"date-time":"2021-06-11T18:02:15Z","timestamp":1623434535000},"page":"371-390","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":174,"title":["Leveraging human factors in cybersecurity: an integrated methodological approach"],"prefix":"10.1007","volume":"24","author":[{"given":"Alessandro","family":"Pollini","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9046-1342","authenticated-orcid":false,"given":"Tiziana C.","family":"Callari","sequence":"additional","affiliation":[]},{"given":"Alessandra","family":"Tedeschi","sequence":"additional","affiliation":[]},{"given":"Daniele","family":"Ruscio","sequence":"additional","affiliation":[]},{"given":"Luca","family":"Save","sequence":"additional","affiliation":[]},{"given":"Franco","family":"Chiarugi","sequence":"additional","affiliation":[]},{"given":"Davide","family":"Guerri","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,6,11]]},"reference":[{"issue":"3","key":"683_CR1","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1080\/0144929X.2012.708787","volume":"33","author":"J Abawajy","year":"2014","unstructured":"Abawajy J (2014) User preference of cyber security awareness delivery methods. Behav Inform Technol 33(3):237\u2013248. https:\/\/doi.org\/10.1080\/0144929X.2012.708787","journal-title":"Behav Inform Technol"},{"key":"683_CR2","doi-asserted-by":"publisher","first-page":"5088","DOI":"10.1016\/j.promfg.2015.07.523","volume":"3","author":"RG Abbott","year":"2015","unstructured":"Abbott RG, McClain J, Anderson B, Nauer K, Silva A, Forsythe C (2015) Log analysis of cyber security training exercises. Procedia Manuf 3:5088\u20135094. https:\/\/doi.org\/10.1016\/j.promfg.2015.07.523","journal-title":"Procedia Manuf"},{"issue":"1","key":"683_CR3","doi-asserted-by":"publisher","first-page":"65","DOI":"10.13052\/jcsm2245-1439.414","volume":"4","author":"M Abomhara","year":"2015","unstructured":"Abomhara M, K\u00f8ien GM (2015) Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J Cyber Secur Mobility 4(1):65\u201388","journal-title":"J Cyber Secur Mobility"},{"issue":"3","key":"683_CR4","doi-asserted-by":"publisher","first-page":"701","DOI":"10.1007\/s11257-019-09236-5","volume":"29","author":"JH Addae","year":"2019","unstructured":"Addae JH, Sun X, Towey D, Radenkovic M (2019) Exploring user behavioral data for adaptive cybersecurity. User Model User-Adap Inter 29(3):701\u2013750. https:\/\/doi.org\/10.1007\/s11257-019-09236-5","journal-title":"User Model User-Adap Inter"},{"issue":"4","key":"683_CR5","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1016\/j.cose.2006.11.004","volume":"26","author":"E Albrechtsen","year":"2007","unstructured":"Albrechtsen E (2007) A qualitative study of users\u2019 view on information security. Comput Secur 26(4):276\u2013289","journal-title":"Comput Secur"},{"key":"683_CR6","volume-title":"HCI for cybersecurity, privacy and trust HCII 2019 lecture notes in computer science","author":"AI Al-Darwish","year":"2019","unstructured":"Al-Darwish AI, Choe P (2019) A framework of information security integrated with human factors. In: Moallem A (ed) HCI for cybersecurity, privacy and trust HCII 2019 lecture notes in computer science. Springer"},{"key":"683_CR7","doi-asserted-by":"publisher","first-page":"567","DOI":"10.1016\/j.chb.2015.03.054","volume":"49","author":"A Alhogail","year":"2015","unstructured":"Alhogail A (2015) Design and validation of information security culture framework. Comput Hum Behav 49:567\u2013575. https:\/\/doi.org\/10.1016\/j.chb.2015.03.054","journal-title":"Comput Hum Behav"},{"issue":"3","key":"683_CR8","first-page":"540","volume":"64","author":"A Alhogail","year":"2014","unstructured":"Alhogail A, Mirza A (2014) A framework of information security culture change. J Theor Appl Inf Technol 64(3):540\u2013549","journal-title":"J Theor Appl Inf Technol"},{"key":"683_CR9","doi-asserted-by":"publisher","unstructured":"Alzahrani A, Johnson C, Altamimi S (2018) Information security policy compliance: investigating the role of intrinsic motivation towards policy compliance in the organisation. In: 2018 4th international conference on information management. IEEE, pp 125\u201332. https:\/\/doi.org\/10.1109\/INFOMAN.2018.8392822","DOI":"10.1109\/INFOMAN.2018.8392822"},{"issue":"2","key":"683_CR10","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1016\/j.ssci.2008.02.004","volume":"47","author":"S Antonsen","year":"2009","unstructured":"Antonsen S (2009) Safety culture and the issue of power. Saf Sci 47(2):183\u2013191. https:\/\/doi.org\/10.1016\/j.ssci.2008.02.004","journal-title":"Saf Sci"},{"key":"683_CR11","doi-asserted-by":"publisher","first-page":"1082","DOI":"10.1016\/j.promfg.2015.07.178","volume":"3","author":"T Aoyama","year":"2015","unstructured":"Aoyama T, Naruoka H, Koshijima I, Watanabe K (2015) How management goes wrong? \u2013 The human factor lessons learned from a cyber incident handling exercise. Procedia Manufact 3:1082\u20131087. https:\/\/doi.org\/10.1016\/j.promfg.2015.07.178","journal-title":"Procedia Manufact"},{"issue":"1","key":"683_CR12","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1186\/s12911-020-01161-7","volume":"20","author":"ST Argaw","year":"2020","unstructured":"Argaw ST, Troncoso-Pastoriza JR, Lacey D, Florin M-V, Calcavecchia F, Anderson D, Flahault A (2020) Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks. BMC Med Inform Decis Mak 20(1):146. https:\/\/doi.org\/10.1186\/s12911-020-01161-7","journal-title":"BMC Med Inform Decis Mak"},{"issue":"2","key":"683_CR13","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1016\/j.dss.2010.01.010","volume":"49","author":"G Bansal","year":"2010","unstructured":"Bansal G, Zahedi FM, Gefen D (2010) The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decis Support Syst 49(2):138\u2013150. https:\/\/doi.org\/10.1016\/j.dss.2010.01.010","journal-title":"Decis Support Syst"},{"key":"683_CR14","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1016\/S2212-5671(15)01077-1","volume":"28","author":"A Bendovschi","year":"2015","unstructured":"Bendovschi A (2015) Cyber-attacks \u2013 trends, patterns and security countermeasures. Procedia Econ Finance 28:24\u201331. https:\/\/doi.org\/10.1016\/S2212-5671(15)01077-1","journal-title":"Procedia Econ Finance"},{"issue":"3","key":"683_CR15","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1016\/j.cose.2003.09.002","volume":"23","author":"D Besnard","year":"2004","unstructured":"Besnard D, Arief B (2004) Computer security impaired by legitimate users. Comput Secur 23(3):253\u2013264. https:\/\/doi.org\/10.1016\/j.cose.2003.09.002","journal-title":"Comput Secur"},{"key":"683_CR16","unstructured":"Bicanic S, Brahm C, Bre C (2020) What to do now that your demand forecast is wrong. Bain & Co. https:\/\/www.bain.com\/insights\/what-to-do-when-your-demand-forecast-is-wrong\/. Accessed 6 Apr 2020"},{"key":"683_CR17","doi-asserted-by":"crossref","unstructured":"B\u00f8dker S (2006) When second wave HCI meets third wave challenges. In: Proceedings of the 4th nordic conference on human-computer interaction: changing roles, pp 1\u20138","DOI":"10.1145\/1182475.1182476"},{"key":"683_CR18","volume-title":"Transforming qualitative information: thematic analysis and code development","author":"RE Boyatzis","year":"1998","unstructured":"Boyatzis RE (1998) Transforming qualitative information: thematic analysis and code development. SAGE Publications"},{"issue":"2","key":"683_CR19","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1191\/1478088706qp063oa","volume":"3","author":"V Braun","year":"2006","unstructured":"Braun V, Clarke V (2006) Using thematic analysis in psychology. Qual Res Psychol 3(2):77\u2013101. https:\/\/doi.org\/10.1191\/1478088706qp063oa","journal-title":"Qual Res Psychol"},{"key":"683_CR20","doi-asserted-by":"crossref","unstructured":"Bulgurcu B, Cavusoglu H, Benbasat I (2010) Quality and fairness of an information security policy as antecedents of employees' security engagement in the workplace: an empirical investigation. Paper presented at the 43rd Hawaii international conference on system sciences, Honolulu, HI, USA","DOI":"10.1109\/HICSS.2010.312"},{"issue":"1","key":"683_CR21","doi-asserted-by":"publisher","first-page":"362","DOI":"10.3233\/WOR-2012-0183-362","volume":"41","author":"TC Callari","year":"2012","unstructured":"Callari TC, Ciairano S, Re A (2012) Elderly-technology interaction: accessibility and acceptability of technological devices promoting motor and cognitive training. Work A J Prev Asses Rehabilit 41(1):362\u2013369. https:\/\/doi.org\/10.3233\/WOR-2012-0183-362","journal-title":"Work A J Prev Asses Rehabilit"},{"issue":"4","key":"683_CR22","doi-asserted-by":"publisher","first-page":"525","DOI":"10.1016\/j.apergo.2006.04.011","volume":"37","author":"P Carayon","year":"2006","unstructured":"Carayon P (2006) Human factors of complex sociotechnical systems. Appl Ergon 37(4):525\u2013535","journal-title":"Appl Ergon"},{"key":"683_CR23","unstructured":"Carayon P, Kraemer S (2002) Macroergonomics in WWDU: what about computer and information security. Paper presented at the proceedings of the sixth international scientific conference on work with display units-WWDU 2002-world wide work, Berlin, Germany"},{"key":"683_CR24","volume-title":"Handbook of integrated risk management for e-business measuring, modeling, and managing risk","author":"P Carayon","year":"2005","unstructured":"Carayon P, Kraemer S, Bier V (2005) Human factors issues in computer and e-business security. In: Labbi A (ed) Handbook of integrated risk management for e-business measuring, modeling, and managing risk. Ross Publishing"},{"issue":"suppl 2","key":"683_CR25","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1136\/qshc.2003.009514","volume":"13","author":"JS Carroll","year":"2004","unstructured":"Carroll JS, Quijada MA (2004) Redirecting traditional professional values to support safety: changing organisational culture in health care. Quality Safety Health Care 13(suppl 2):16\u201321. https:\/\/doi.org\/10.1136\/qshc.2003.009514","journal-title":"Quality Safety Health Care"},{"key":"683_CR26","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-29053-5","volume-title":"The ethics of cybersecurity","author":"M Christen","year":"2020","unstructured":"Christen M, Gordijn B, Loi M (2020) The ethics of cybersecurity. Springer"},{"issue":"6","key":"683_CR27","doi-asserted-by":"publisher","first-page":"1770","DOI":"10.1016\/j.tele.2018.05.005","volume":"35","author":"HN Chua","year":"2018","unstructured":"Chua HN, Wong PPF, Low YC, Chang Y (2018) Impact of employees\u2019 demographic characteristics on the awareness and compliance of information security policy in organizationss. Telematics Inform 35(6):1770\u20131780","journal-title":"Telematics Inform"},{"issue":"4","key":"683_CR28","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1016\/j.istr.2010.04.004","volume":"14","author":"C Colwill","year":"2009","unstructured":"Colwill C (2009) Human factors in information security: the insider threat \u2013 Who can you trust these days? Inf Secur Tech Rep 14(4):186\u2013196. https:\/\/doi.org\/10.1016\/j.istr.2010.04.004","journal-title":"Inf Secur Tech Rep"},{"issue":"23","key":"683_CR29","doi-asserted-by":"publisher","first-page":"31","DOI":"10.19101\/IJACR.2016.623006","volume":"6","author":"NY Conteh","year":"2016","unstructured":"Conteh NY, Schmick PJ (2016) Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks. Internat J Adv Comput Res 6(23):31\u201338","journal-title":"Internat J Adv Comput Res"},{"key":"683_CR30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-43999-6_3","author":"I Corradini","year":"2020","unstructured":"Corradini I (2020) Building a cybersecurity culture in organizations. Studies in Syst Dec Control. https:\/\/doi.org\/10.1007\/978-3-030-43999-6_3","journal-title":"Studies in Syst Dec Control"},{"key":"683_CR31","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.maturitas.2018.04.008","volume":"113","author":"L Coventry","year":"2018","unstructured":"Coventry L, Branley D (2018) Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas 113:48\u201352. https:\/\/doi.org\/10.1016\/j.maturitas.2018.04.008","journal-title":"Maturitas"},{"key":"683_CR32","doi-asserted-by":"crossref","unstructured":"Craggs B (2019) A just culture is fundamental: extending security ergonomics by design. In: 2019 IEEE\/ACM 5th international workshop on software engineering for smart cyber-physical systems (SEsCPS). IEEE, pp 46\u201349","DOI":"10.1109\/SEsCPS.2019.00015"},{"key":"683_CR33","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s10551-008-9909-7","volume":"89","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy J, Hovav A (2009) Does one size fit all? Examining the differential effects of is security countermeasures. J Bus Ethics 89:59. https:\/\/doi.org\/10.1007\/s10551-008-9909-7","journal-title":"J Bus Ethics"},{"issue":"2","key":"683_CR34","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1016\/j.cose.2009.09.002","volume":"29","author":"A Da Veiga","year":"2010","unstructured":"Da Veiga A, Eloff JHP (2010) A framework and assessment instrument for information security culture. Comput Secur 29(2):196\u2013207. https:\/\/doi.org\/10.1016\/j.cose.2009.09.002","journal-title":"Comput Secur"},{"issue":"2","key":"683_CR35","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1016\/j.clsr.2015.01.005","volume":"31","author":"A Da Veiga","year":"2015","unstructured":"Da Veiga A, Martins N (2015) Information security culture and information protection culture: a validated assessment instrument. Comput Law Secur Rev 31(2):243\u2013256. https:\/\/doi.org\/10.1016\/j.clsr.2015.01.005","journal-title":"Comput Law Secur Rev"},{"issue":"2","key":"683_CR36","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1016\/j.ssci.2005.02.001S0925-7535(05)00007-X","volume":"43","author":"DM DeJoy","year":"2005","unstructured":"DeJoy DM (2005) Behavior change versus culture change: divergent approaches to managing workplace safety. Safety Sci 43(2):105\u2013129. https:\/\/doi.org\/10.1016\/j.ssci.2005.02.001S0925-7535(05)00007-X","journal-title":"Safety Sci"},{"issue":"3","key":"683_CR37","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1016\/S0003-6870(03)00031-0","volume":"34","author":"S Dekker","year":"2003","unstructured":"Dekker S (2003) Failure to adapt or adaptations that fail: contrasting models on procedures and safety. Appl Ergon 34(3):233\u2013238","journal-title":"Appl Ergon"},{"key":"683_CR38","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/s10111-019-00614-y","volume":"23","author":"S Deline","year":"2021","unstructured":"Deline S, Guillet L, Rauffet P, Gu\u00e9rin C (2021) Team cognition in a cyber defense context: focus on social support behaviors. Cogn Tech Work 23:51\u201363. https:\/\/doi.org\/10.1007\/s10111-019-00614-y","journal-title":"Cogn Tech Work"},{"key":"683_CR39","unstructured":"Desruelle P, Baldini G, Barboni M, Bono F, Delipetrev B, Duch Brown N, Fernandez Macias E, Gkoumas K, Joossens E, Kalpaka A, Nepelski D, Nunes de Lima MV, Pagano A, Prettico G, Sanchez I, Sobolewski M, Triaille J-P, Tsakalidis A, Urzi Brancati MC (2019) Digital transformation in transport, construction, energy, government and public administration, EUR 29782 EN, Publications Office of the European Union, Luxembourg"},{"issue":"2","key":"683_CR40","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1046\/j.1365-2575.2001.00099.x","volume":"11","author":"G Dhillon","year":"2001","unstructured":"Dhillon G, Backhouse J (2001) Current directions in IS security research: towards socio-organisational perspectives. Inf Syst J 11(2):127\u2013153. https:\/\/doi.org\/10.1046\/j.1365-2575.2001.00099.x","journal-title":"Inf Syst J"},{"issue":"3","key":"683_CR41","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1016\/j.cose.2008.11.007","volume":"28","author":"MT Dlamini","year":"2009","unstructured":"Dlamini MT, Eloff JHP, Eloff MM (2009) Information security: the moving target. Comput Secur 28(3):189\u2013198. https:\/\/doi.org\/10.1016\/j.cose.2008.11.007","journal-title":"Comput Secur"},{"key":"683_CR42","unstructured":"Driscoll DL, Appiah-Yeboah A, Salib P, Rupert DJ (2007) Merging qualitative and quantitative data in mixed methods research: How to and why not. Ecol Environ Anthropol (University of Georgia). 18. https:\/\/digitalcommons.unl.edu\/icwdmeea\/18"},{"key":"683_CR43","volume-title":"ENISA threat landscape 2020: cyber attacks becoming more sophisticated, targeted, widespread and undetected","author":"ENISA","year":"2020","unstructured":"ENISA (2020a) ENISA threat landscape 2020: cyber attacks becoming more sophisticated, targeted, widespread and undetected. European Union Agency for Network and Information Security"},{"issue":"4","key":"683_CR44","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1016\/j.istr.2010.05.002","volume":"14","author":"M Emina\u011fao\u011flu","year":"2009","unstructured":"Emina\u011fao\u011flu M, U\u00e7ar E, Eren \u015e (2009) The positive outcomes of information security awareness training in companies \u2013 A case study. Inf Secur Tech Rep 14(4):223\u2013229. https:\/\/doi.org\/10.1016\/j.istr.2010.05.002","journal-title":"Inf Secur Tech Rep"},{"issue":"7","key":"683_CR45","doi-asserted-by":"publisher","first-page":"960","DOI":"10.1080\/001401300409143","volume":"43","author":"Y Engestrom","year":"2000","unstructured":"Engestrom Y (2000) Activity theory as a framework for analyzing and redesigning work. Ergonomics 43(7):960\u2013974","journal-title":"Ergonomics"},{"key":"683_CR46","volume-title":"ENISA Main incidents in the EU and worldwide","author":"ENISA","year":"2020","unstructured":"ENISA (2020b) ENISA Main incidents in the EU and worldwide. European Union Agency for Network and Information Security"},{"key":"683_CR47","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1016\/j.ijhcs.2007.10.002","volume":"67","author":"I Flechais","year":"2009","unstructured":"Flechais I, Sasse MA (2009) Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science. Internat J Hum Comput Studies 67:281\u2013296. https:\/\/doi.org\/10.1016\/j.ijhcs.2007.10.002","journal-title":"Internat J Hum Comput Studies"},{"issue":"8","key":"683_CR48","doi-asserted-by":"publisher","first-page":"983","DOI":"10.1016\/j.cose.2012.08.004","volume":"31","author":"SM Furnell","year":"2012","unstructured":"Furnell SM, Clarke N (2012) Power to the people? The evolving recognition of human aspects of security. Comput Secur 31(8):983\u2013988. https:\/\/doi.org\/10.1016\/j.cose.2012.08.004","journal-title":"Comput Secur"},{"issue":"1","key":"683_CR49","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.cose.2005.12.004","volume":"25","author":"SM Furnell","year":"2006","unstructured":"Furnell SM, Jusoh A, Katsabas D (2006) The challenges of understanding and using security: a survey of end-users. Comput Secur 25(1):27\u201335. https:\/\/doi.org\/10.1016\/j.cose.2005.12.004","journal-title":"Comput Secur"},{"issue":"2","key":"683_CR50","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1016\/j.ssci.2008.03.002","volume":"47","author":"M Gael","year":"2009","unstructured":"Gael M, Rene A, Christine C (2009) How good micro\/macro ergonomics may improve resilience, but not necessarily safety. Saf Sci 47(2):285\u2013294. https:\/\/doi.org\/10.1016\/j.ssci.2008.03.002","journal-title":"Saf Sci"},{"issue":"7","key":"683_CR51","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1080\/13669870701504764","volume":"10","author":"C Gilbert","year":"2007","unstructured":"Gilbert C, Amalberti R, Laroche H, Paries J (2007) Errors and failures: towards a new safety paradigm. J Risk Res 10(7):959\u2013975","journal-title":"J Risk Res"},{"key":"683_CR52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60585-2_25","author":"HW Glaspie","year":"2018","unstructured":"Glaspie HW, Karwowski W (2018) Human factors in information security culture: a literature review. Adv Intell Syst Comput. https:\/\/doi.org\/10.1007\/978-3-319-60585-2_25","journal-title":"Adv Intell Syst Comput"},{"key":"683_CR53","unstructured":"Hadley J (2019) In the age of AI, the human factor still matters for cybersecurity, Forbes. https:\/\/www.forbes.com\/sites\/jameshadley\/2019\/03\/27\/in-the-age-of-ai-the-human-factor-still-matters-for-cybersecurity\/#7a9774725cc5. Accessed 27 Mar 2019"},{"key":"683_CR54","doi-asserted-by":"publisher","first-page":"1117","DOI":"10.1016\/j.promfg.2015.07.186","volume":"3","author":"D Henshel","year":"2015","unstructured":"Henshel D, Cains MG, Hoffman B, Kelley T (2015) Trust as a human factor in holistic cyber security risk assessment. Proc Manufact 3:1117\u20131124. https:\/\/doi.org\/10.1016\/j.promfg.2015.07.186","journal-title":"Proc Manufact"},{"key":"683_CR55","unstructured":"HERMENEUT Project (2018) Deliverable D2.2. Integrated estimation of the enterprise's vulnerabilities"},{"issue":"7","key":"683_CR56","doi-asserted-by":"publisher","first-page":"978","DOI":"10.1177\/0002764218772673","volume":"62","author":"N Ivankova","year":"2018","unstructured":"Ivankova N, Wingo N (2018) Applying mixed methods in action research: methodological potentials and advantages. Am Behav Sci 62(7):978\u2013997","journal-title":"Am Behav Sci"},{"key":"683_CR57","doi-asserted-by":"publisher","unstructured":"Jaferian P, Hawkey K, Sotirakopoulos A, Velez-Rojas M, Beznosov K (2011) Heuristics for evaluating IT security management tools. Paper presented at the proceedings of the seventh symposium on usable privacy and security Pittsburgh, Pennsylvania. https:\/\/doi.org\/10.1145\/2078827.2078837","DOI":"10.1145\/2078827.2078837"},{"issue":"5","key":"683_CR58","doi-asserted-by":"publisher","first-page":"973","DOI":"10.1016\/j.jcss.2014.02.005","volume":"80","author":"J Jang-Jaccard","year":"2014","unstructured":"Jang-Jaccard J, Nepal S (2014) A survey of emerging threats in cybersecurity. J Comput Syst Sci 80(5):973\u2013993. https:\/\/doi.org\/10.1016\/j.jcss.2014.02.005","journal-title":"J Comput Syst Sci"},{"key":"683_CR59","doi-asserted-by":"publisher","unstructured":"Jeong J, Mihelcic, G Oliver, Rudolph C (2019) Towards an improved understanding of human factors in cybersecurity 2019 IEEE 5th international conference on collaboration and internet computing (CIC). Los Angeles, CA, USA https:\/\/doi.org\/10.1109\/CIC48465.2019.00047","DOI":"10.1109\/CIC48465.2019.00047"},{"issue":"1","key":"683_CR60","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1145\/1435417.1435446","volume":"52","author":"AC Johnston","year":"2009","unstructured":"Johnston AC, Hale R (2009) Improved security through information security governance. Commun ACM 52(1):126\u2013129","journal-title":"Commun ACM"},{"key":"683_CR61","doi-asserted-by":"crossref","unstructured":"Katsikas SK, L\u00f3pez J, Backes M, Gritzalis S, Preneel B (Eds) (2006) Information security: 9th international conference, ISC 2006, Samos Island, Greece, August 30\u2013September 2, 2006. Proceedings. Springer","DOI":"10.1007\/11836810"},{"issue":"26","key":"683_CR62","first-page":"10862e8","volume":"5","author":"B Khan","year":"2011","unstructured":"Khan B, Alghathbar KS, Nabi SI, Khan MK (2011) Effectiveness of information security awareness methods based on psychological theories. Afr J Bus Manag 5(26):10862e8","journal-title":"Afr J Bus Manag"},{"issue":"9","key":"683_CR63","doi-asserted-by":"publisher","first-page":"442","DOI":"10.5860\/crln.77.9.9553","volume":"77","author":"B Kim","year":"2016","unstructured":"Kim B (2016) Cybersecurity and digital surveillance versus usability and privacy1: why libraries need to advocate for online privacy. Coll Res Libr News 77(9):442\u2013451. https:\/\/doi.org\/10.5860\/crln.77.9.9553","journal-title":"Coll Res Libr News"},{"key":"683_CR64","first-page":"148","volume":"164","author":"EH Kluge","year":"2011","unstructured":"Kluge EH (2011) e-Health promises and challenges: some ethical considerations. Studies Health Technol Inform 164:148\u2013153","journal-title":"Studies Health Technol Inform"},{"issue":"7","key":"683_CR65","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1016\/j.cose.2009.07.001","volume":"28","author":"KJ Knapp","year":"2009","unstructured":"Knapp KJ, Franklin Morris R, Marshall TE, Byrd TA (2009) Information security policy: an organisational-level process model. Comput Secur 28(7):493\u2013508. https:\/\/doi.org\/10.1016\/j.cose.2009.07.001","journal-title":"Comput Secur"},{"issue":"1","key":"683_CR66","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1177\/1541931213571086","volume":"57","author":"BA Knott","year":"2013","unstructured":"Knott BA, Mancuso VF, Bennett K, Finomore V, McNeese M, McKneely JA, Beecher MM (2013) Human factors in cyber warfare. Proc Hum Factors Ergon Soc Ann Meeting 57(1):399\u2013403. https:\/\/doi.org\/10.1177\/1541931213571086","journal-title":"Proc Hum Factors Ergon Soc Ann Meeting"},{"key":"683_CR67","first-page":"243","volume-title":"Human factors in organizational design and management - VII","author":"S Kraemer","year":"2005","unstructured":"Kraemer S, Carayon P (2005) A macroergonomic framework for computer and information security. In: Carayon P, Robertson M, Kleiner B, Hoonakker P (eds) Human factors in organizational design and management - VII. IEA Press, pp 243\u2013254"},{"issue":"2","key":"683_CR68","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1016\/j.apergo.2006.03.010","volume":"38","author":"S Kraemer","year":"2007","unstructured":"Kraemer S, Carayon P (2007) Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists. Appl Ergon 38(2):143\u2013154. https:\/\/doi.org\/10.1016\/j.apergo.2006.03.010","journal-title":"Appl Ergon"},{"issue":"7","key":"683_CR69","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1016\/j.cose.2009.04.006","volume":"28","author":"S Kraemer","year":"2009","unstructured":"Kraemer S, Carayon P, Clem J (2009) Human and organisational factors in computer and information security: pathways to vulnerabilities. Comput Secur 28(7):509\u2013520. https:\/\/doi.org\/10.1016\/j.cose.2009.04.006","journal-title":"Comput Secur"},{"key":"683_CR70","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1016\/j.jisa.2014.09.005","volume":"22","author":"K Krombholz","year":"2015","unstructured":"Krombholz K, Hobel H, Huber M, Weippl E (2015) Advanced social engineering attacks. J Inform Secur Appl 22:113\u2013122. https:\/\/doi.org\/10.1016\/j.jisa.2014.09.005","journal-title":"J Inform Secur Appl"},{"key":"683_CR71","volume-title":"Meeting diversity in ergonomics","author":"M Lacomblez","year":"2007","unstructured":"Lacomblez M, Bellemare M, Chatigny C, Delgoulet C, Re A, Trudel L, Vasconcelos R (2007) Ergonomic analysis of work activity and training: basic paradigm, evolutions and challenges. In: Pikaar R, Settels P (eds) Meeting diversity in ergonomics. Elsevier"},{"key":"683_CR72","doi-asserted-by":"publisher","DOI":"10.4324\/9781315422251","volume-title":"Practical ethnography: a guide to doing ethnography in the private sector","author":"S Ladner","year":"2016","unstructured":"Ladner S (2016) Practical ethnography: a guide to doing ethnography in the private sector. Routledge"},{"key":"683_CR73","first-page":"97","volume-title":"International conference on mathematics and computing","author":"RAM Lahcen","year":"2018","unstructured":"Lahcen RAM, Mohapatra R, Kumar M (2018) Cybersecurity: a survey of vulnerability analysis and attack graphs In: International conference on mathematics and computing. Springer, pp 97\u2013111"},{"issue":"3","key":"683_CR74","first-page":"283","volume":"54","author":"J Leplat","year":"1991","unstructured":"Leplat J (1991) Understanding work in order to transform it. Trav Hum 54(3):283\u2013285","journal-title":"Trav Hum"},{"key":"683_CR75","doi-asserted-by":"publisher","first-page":"995","DOI":"10.3389\/fpsyg.2019.00995","volume":"10","author":"V Linkov","year":"2019","unstructured":"Linkov V, Z\u00e1mec\u02c7n\u00edk P, Havl\u00edc\u02c7kov\u00e1 D, Pai C-W (2019) Human factors in the cybersecurity of autonomous vehicles: trends in current research. Front Psychol 10:995. https:\/\/doi.org\/10.3389\/fpsyg.2019.00995","journal-title":"Front Psychol"},{"issue":"2","key":"683_CR76","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1108\/JICES-12-2018-0095","volume":"17","author":"M Loi","year":"2019","unstructured":"Loi M, Christen M, Kleine N, Weber K (2019) Cybersecurity in health \u2013 disentangling value tensions. J Inf Commun Ethics Soc 17(2):229\u2013245. https:\/\/doi.org\/10.1108\/JICES-12-2018-0095","journal-title":"J Inf Commun Ethics Soc"},{"key":"683_CR77","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1186\/s42400-020-00050-w","volume":"3","author":"RA Maalem Lahcen","year":"2020","unstructured":"Maalem Lahcen RA, Caulkins B, Mohapatra R et al (2020) Review and insight on the behavioral aspects of cybersecurity. Cybersecur 3:10. https:\/\/doi.org\/10.1186\/s42400-020-00050-w","journal-title":"Cybersecur"},{"key":"683_CR78","doi-asserted-by":"publisher","first-page":"101382","DOI":"10.1016\/j.techsoc.2020.101382","volume":"63","author":"K Macnish","year":"2020","unstructured":"Macnish K, van der Ham J (2020) Ethics in cybersecurity research and practice. Technol Soc 63:101382. https:\/\/doi.org\/10.1016\/j.techsoc.2020.101382","journal-title":"Technol Soc"},{"issue":"2","key":"683_CR79","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1108\/ICS-03-2018-0031","volume":"27","author":"M Malatji","year":"2019","unstructured":"Malatji M, Von Solms S, Marnewick A (2019) Socio-technical systems cybersecurity framework. Inform Comput Secur 27(2):233\u2013272. https:\/\/doi.org\/10.1108\/ICS-03-2018-0031","journal-title":"Inform Comput Secur"},{"key":"683_CR80","doi-asserted-by":"publisher","first-page":"47","DOI":"10.7250\/csimq.2019-18.03","volume":"18","author":"TR McEvoy","year":"2019","unstructured":"McEvoy TR, Kowalski SJ (2019) Deriving cyber security risks from human and organizational factors \u2013 a socio-technical approach. Complex Syst Inform Model Quart CSIMQ 18:47\u201364. https:\/\/doi.org\/10.7250\/csimq.2019-18.03","journal-title":"Complex Syst Inform Model Quart CSIMQ"},{"issue":"1","key":"683_CR81","doi-asserted-by":"publisher","first-page":"19","DOI":"10.19030\/jcr.v3i1.10241","volume":"3","author":"PJ Morrow","year":"2018","unstructured":"Morrow PJ (2018) The new age of cybersecurity privacy, criminal procedure and cyber corporate ethics. J Cybersec Res (JCR) 3(1):19\u201328. https:\/\/doi.org\/10.19030\/jcr.v3i1.10241","journal-title":"J Cybersec Res (JCR)"},{"key":"683_CR82","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1016\/j.cose.2016.03.004","volume":"59","author":"F Mouton","year":"2016","unstructured":"Mouton F, Leenen L, Venter HS (2016) Social engineering attack examples, templates and scenarios. Comput Secur 59:186\u2013209","journal-title":"Comput Secur"},{"key":"683_CR83","unstructured":"Mudassir H (2020) COVID-19 will fuel the next wave of innovation. https:\/\/www.entrepreneur.com\/article\/347669. Accessed 16 Mar 2020"},{"issue":"4","key":"683_CR84","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1080\/14639220500098821","volume":"7","author":"N Naikar","year":"2006","unstructured":"Naikar N, Moylan A, Pearce B (2006) Analysing activity in complex systems with cognitive work analysis: concepts, guidelines and case study for control task analysis. Theor Issues Ergon Sci 7(4):371\u2013394. https:\/\/doi.org\/10.1080\/14639220500098821","journal-title":"Theor Issues Ergon Sci"},{"issue":"4","key":"683_CR85","doi-asserted-by":"publisher","first-page":"815","DOI":"10.1016\/j.dss.2008.11.010","volume":"46","author":"B-Y Ng","year":"2009","unstructured":"Ng B-Y, Kankanhalli A, Xu Y (2009) Studying users\u2019 computer security behavior: a health belief perspective. Decis Support Syst 46(4):815\u2013825. https:\/\/doi.org\/10.1016\/j.dss.2008.11.010","journal-title":"Decis Support Syst"},{"key":"683_CR86","doi-asserted-by":"publisher","first-page":"93","DOI":"10.33965\/ijcsis_2018130207","volume":"13","author":"M Nicho","year":"2018","unstructured":"Nicho M, Fakhry H, Egbue U (2018) Evaluating user vulnerabilities vs phisher skills in spear phishing. Internat J Comput Sci Inform Syst 13:93\u2013108. https:\/\/doi.org\/10.33965\/ijcsis_2018130207","journal-title":"Internat J Comput Sci Inform Syst"},{"issue":"1","key":"683_CR87","doi-asserted-by":"publisher","first-page":"160940691773384","DOI":"10.1177\/1609406917733847","volume":"16","author":"LS Nowell","year":"2017","unstructured":"Nowell LS, Norris JM, White DE, Moules NJ (2017) Thematic analysis: striving to meet the trustworthiness criteria. Int J Qual Methods 16(1):1609406917733847. https:\/\/doi.org\/10.1177\/1609406917733847","journal-title":"Int J Qual Methods"},{"key":"683_CR88","doi-asserted-by":"crossref","unstructured":"Nurse JRC, Creese S, Goldsmith M, Lamberts K (2011) Guidelines for usable cybersecurity: past and present. Paper presented at the 2011 third international workshop on cyberspace safety and security (CSS)","DOI":"10.1109\/CSS.2011.6058566"},{"key":"683_CR89","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1016\/j.cose.2013.12.003","volume":"42","author":"K Parsons","year":"2014","unstructured":"Parsons K, McCormac A, Butavicius M, Pattinson M, Jerram C (2014) Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Comput Secur 42:165\u2013176. https:\/\/doi.org\/10.1016\/j.cose.2013.12.003","journal-title":"Comput Secur"},{"key":"683_CR90","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-12574-9_4","author":"A Pollini","year":"2014","unstructured":"Pollini A, Tedeschi A, Falciani L (2014) Airports as critical transportation infrastructures increasingly impacted by cyberattacks: a case study. Accepted Secur Privacy. https:\/\/doi.org\/10.1007\/978-3-319-12574-9_4","journal-title":"Accepted Secur Privacy"},{"key":"683_CR91","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1016\/j.csi.2017.03.009","volume":"53","author":"D Qui\u00f1ones","year":"2017","unstructured":"Qui\u00f1ones D, Rusu C (2017) How to develop usability heuristics: a systematic literature review. Comput Standards Interf 53:89\u2013122. https:\/\/doi.org\/10.1016\/j.csi.2017.03.009","journal-title":"Comput Standards Interf"},{"key":"683_CR92","unstructured":"Rasmussen J (1974) The human data processor an a system component bits and pieces of a model. Retrieved from revised edition of internal memo, N- 3O, June 1973."},{"issue":"3","key":"683_CR93","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1109\/TSMC.1983.6313160","volume":"13","author":"J Rasmussen","year":"1983","unstructured":"Rasmussen J (1983) Skills, rules, and knowledge: signals, signs, and symbols, and other distinctions in human performance models. IEEE Trans Syst Man Cybernet SMC 13(3):257\u2013266","journal-title":"IEEE Trans Syst Man Cybernet SMC"},{"key":"683_CR94","volume-title":"Cognitive systems engineering","author":"J Rasmussen","year":"1994","unstructured":"Rasmussen J, Pejtersen AM, Goodstein LP (1994) Cognitive systems engineering. John Wiley"},{"key":"683_CR95","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781139062367","volume-title":"Human error","author":"J Reason","year":"1990","unstructured":"Reason J (1990) Human error. Cambridge University Press"},{"key":"683_CR96","volume-title":"Managing the risks of organisational accidents","author":"J Reason","year":"1997","unstructured":"Reason J (1997) Managing the risks of organisational accidents. Ashgate Publishing Ltd"},{"key":"683_CR97","doi-asserted-by":"publisher","first-page":"768","DOI":"10.1136\/bmj.320.7237.768","volume":"320","author":"J Reason","year":"2000","unstructured":"Reason J (2000) Human error: models and management. BMJ 320:768\u2013770","journal-title":"BMJ"},{"issue":"7","key":"683_CR98","doi-asserted-by":"publisher","first-page":"745","DOI":"10.1016\/j.ssci.2006.07.010","volume":"45","author":"T Reiman","year":"2007","unstructured":"Reiman T, Oedewald P (2007) Assessment of complex sociotechnical systems: theoretical issues concerning the use of organisational culture and organisational core task concepts. Saf Sci 45(7):745\u2013768. https:\/\/doi.org\/10.1016\/j.ssci.2006.07.010","journal-title":"Saf Sci"},{"issue":"2017","key":"683_CR99","first-page":"76","volume":"34","author":"K Renaud","year":"2017","unstructured":"Renaud K, Flowerday S (2017) Contemplating human-centred security and privacy research: suggesting future directions. J Inform Secur Appl 34(2017):76\u201381","journal-title":"J Inform Secur Appl"},{"key":"683_CR100","volume-title":"Web Accessibility Human-Computer Interaction Series","author":"A Roper","year":"2019","unstructured":"Roper A, Wilson S, Neate T, Marshall J (2019) Speech and Language. In: Yesilada Y, Harper S (eds) Web Accessibility Human-Computer Interaction Series. Springer"},{"key":"683_CR101","doi-asserted-by":"crossref","unstructured":"Sabillon R, Cavaller V, Cano J, Serra-Ruiz J (2016) Cybercriminals, cyberattacks and cybercrime. Paper presented at the 2016 IEEE international conference on cybercrime and computer forensic (ICCCF), Simon Fraser University, Vancouver, BC, Canada","DOI":"10.1109\/ICCCF.2016.7740434"},{"issue":"10","key":"683_CR102","doi-asserted-by":"publisher","first-page":"2119","DOI":"10.1111\/risa.13309","volume":"39","author":"NM Scala","year":"2019","unstructured":"Scala NM, Reilly AC, Goethals PL, Cukier M (2019) Risk and the five hard problems of cybersecurity. Risk Anal 39(10):2119\u20132126","journal-title":"Risk Anal"},{"issue":"1","key":"683_CR103","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1177\/1350507616680563","volume":"48","author":"G Scaratti","year":"2017","unstructured":"Scaratti G, Galuppo L, Gorli M, Gozzoli C, Ripamonti S (2017) The social relevance and social impact of knowledge and knowing. Manag Learn 48(1):57\u201364. https:\/\/doi.org\/10.1177\/1350507616680563","journal-title":"Manag Learn"},{"issue":"6","key":"683_CR104","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1016\/j.cose.2005.07.002","volume":"24","author":"E Schultz","year":"2005","unstructured":"Schultz E (2005) The human factor in security. Comput Secur 24(6):425\u2013426. https:\/\/doi.org\/10.1016\/j.cose.2005.07.002","journal-title":"Comput Secur"},{"key":"683_CR105","unstructured":"Segovia L, Torres F, Rosillo M, Tapia E, Albarado F, Saltos D (2017) Social engineering as an attack vector for ransomware. In: proceedings of the conference on electrical engineering and information communication technology, Pucon, Chile, pp 1\u20136"},{"key":"683_CR106","doi-asserted-by":"crossref","unstructured":"Shabut AM, Lwin KT, Hossain MA (2016) Cyber attacks, countermeasures, and protection schemes. A state of the art survey. Paper presented at the 2016 10th international conference on software, knowledge, information management and Application (SKIMA)","DOI":"10.1109\/SKIMA.2016.7916194"},{"issue":"5\u20136","key":"683_CR107","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1016\/j.intcom.2009.04.007","volume":"21","author":"B Shackel","year":"2009","unstructured":"Shackel B (2009) Usability-Context, framework, definition, design and evaluation. Interact Comput 21(5\u20136):339\u2013346. https:\/\/doi.org\/10.1016\/j.intcom.2009.04.007","journal-title":"Interact Comput"},{"key":"683_CR108","volume-title":"Interaction design: beyond human-computer interaction","author":"H Sharp","year":"2007","unstructured":"Sharp H, Rogers Y, Preece J (2007) Interaction design: beyond human-computer interaction, 2nd edn. John Wiley and Sons Ltd.","edition":"2"},{"key":"683_CR109","volume-title":"The attribution of blame: causality, responsibility, and blameworthiness","author":"KG Shaver","year":"2012","unstructured":"Shaver KG (2012) The attribution of blame: causality, responsibility, and blameworthiness. Springer"},{"issue":"1","key":"683_CR110","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1108\/09685220010371394","volume":"8","author":"MT Siponen","year":"2000","unstructured":"Siponen MT (2000) A conceptual foundation for organisational information security awareness. Inf Manag Comput Secur 8(1):31\u201341","journal-title":"Inf Manag Comput Secur"},{"key":"683_CR111","doi-asserted-by":"publisher","first-page":"101","DOI":"10.4018\/978-1-878289-78-0.ch008","volume-title":"Information security management: global challenges in the new millennium","author":"MT Siponen","year":"2001","unstructured":"Siponen MT (2001) An analysis of the recent IS security development approaches: descriptive and prescriptive implications. In: Dhillon G (ed) Information security management: global challenges in the new millennium. Idea Group Publishing, pp 101\u2013124"},{"issue":"3","key":"683_CR112","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1057\/palgrave.ejis.3000537","volume":"14","author":"MT Siponen","year":"2005","unstructured":"Siponen MT (2005) An analysis of the traditional IS security approaches: implications for research and practice. Eur J Inf Syst 14(3):303\u2013315. https:\/\/doi.org\/10.1057\/palgrave.ejis.3000537","journal-title":"Eur J Inf Syst"},{"issue":"5","key":"683_CR113","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1016\/j.im.2008.12.007","volume":"46","author":"M Siponen","year":"2009","unstructured":"Siponen M, Willison R (2009) Information security management standards: problems and solutions. Inform Manag 46(5):267\u2013270. https:\/\/doi.org\/10.1016\/j.im.2008.12.007","journal-title":"Inform Manag"},{"issue":"2","key":"683_CR114","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/j.ijinfomgt.2015.11.009","volume":"36","author":"ZA Soomro","year":"2016","unstructured":"Soomro ZA, Shah MH, Ahmed J (2016) Information security management needs more holistic approach: a literature review. Int J Inf Manage 36(2):215\u2013225. https:\/\/doi.org\/10.1016\/j.ijinfomgt.2015.11.009","journal-title":"Int J Inf Manage"},{"key":"683_CR115","volume-title":"A guide to methodology in ergonomics: designing for human use","author":"NA Stanton","year":"1999","unstructured":"Stanton NA, Young MS (1999) A guide to methodology in ergonomics: designing for human use. Taylor and Francis"},{"issue":"2","key":"683_CR116","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1016\/j.cose.2004.07.001","volume":"24","author":"JM Stanton","year":"2005","unstructured":"Stanton JM, Stam KR, Mastrangelo P, Jolton J (2005) Analysis of end user security behaviors. Comput Secur 24(2):124\u2013133. https:\/\/doi.org\/10.1016\/j.cose.2004.07.001","journal-title":"Comput Secur"},{"key":"683_CR117","unstructured":"Symantec (2018) Internet security threat report (ISTR). https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/reports\/istr-23-2018-en.pdf"},{"key":"683_CR118","doi-asserted-by":"publisher","first-page":"1096","DOI":"10.1016\/j.promfg.2015.07.181","volume":"3","author":"D Tayouri","year":"2015","unstructured":"Tayouri D (2015) The human factor in the social media security \u2013 Combining education and technology to reduce social engineering risks and damages. Procedia Manufact 3:1096\u20131100. https:\/\/doi.org\/10.1016\/j.promfg.2015.07.181","journal-title":"Procedia Manufact"},{"key":"683_CR119","unstructured":"Teal K (2020) Cybercrime tactics and techniques\u2019: COVID-19 Sends attackers into overdrive, channel futures. https:\/\/www.channelfutures.com\/mssp-insider\/cybercrime-tactics-and-techniques-covid-19-sends-attackers-into-overdrive. Accessed 1 June 2020"},{"issue":"2","key":"683_CR120","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1177\/1094428115610808","volume":"20","author":"SF Turner","year":"2017","unstructured":"Turner SF, Cardinal LB, Burton RM (2017) Research design for mixed methods: a triangulation-based framework and roadmap. Organ Res Methods 20(2):243\u2013267","journal-title":"Organ Res Methods"},{"issue":"1","key":"683_CR121","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/s10111-011-0196-1","volume":"14","author":"F Vanderhaegen","year":"2012","unstructured":"Vanderhaegen F (2012) Cooperation and learning to increase the autonomy of ADAS. Cogn Technol Work 14(1):61\u201369","journal-title":"Cogn Technol Work"},{"key":"683_CR122","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1016\/j.arcontrol.2017.09.008","volume":"44","author":"F Vanderhaegen","year":"2017","unstructured":"Vanderhaegen F (2017) Towards increased systems resilience: new challenges based on dissonance control for human reliability in cyber-physical and human systems. Annu Rev Control 44:316\u2013322","journal-title":"Annu Rev Control"},{"key":"683_CR123","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1007\/s10111-019-00602-2","volume":"23","author":"F Vanderhaegen","year":"2021","unstructured":"Vanderhaegen F (2021a) Pedagogical learning supports based on human\u2013systems inclusion applied to rail flow control. Cogn Tech Work 23:193\u2013202. https:\/\/doi.org\/10.1007\/s10111-019-00602-2","journal-title":"Cogn Tech Work"},{"issue":"1","key":"683_CR124","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1007\/s11948-021-00284-y","volume":"27","author":"F Vanderhaegen","year":"2021","unstructured":"Vanderhaegen F (2021b) Weak signal-oriented investigation of ethical dissonance applied to unsuccessful mobility experiences linked to human-machine interactions. Sci Eng Ethics 27(1):2. https:\/\/doi.org\/10.1007\/s11948-021-00284-y","journal-title":"Sci Eng Ethics"},{"key":"683_CR125","doi-asserted-by":"publisher","DOI":"10.3127\/ajis.v23i0.2211","author":"M Warren","year":"2019","unstructured":"Warren M, Burmeister O (2019) Preface to research on applied ethics (Cybersecurity). Austr J Inf Syst. https:\/\/doi.org\/10.3127\/ajis.v23i0.2211","journal-title":"Austr J Inf Syst"},{"issue":"9","key":"683_CR126","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1080\/15265161.2018.1498935","volume":"18","author":"K Weber","year":"2018","unstructured":"Weber K, Loi M, Christen M, Kleine N (2018) Digital medicine, cybersecurity, and ethics: an uneasy relationship. Am J Bioeth 18(9):52\u201353. https:\/\/doi.org\/10.1080\/15265161.2018.1498935","journal-title":"Am J Bioeth"},{"issue":"5","key":"683_CR127","doi-asserted-by":"publisher","first-page":"597","DOI":"10.1177\/0894439315596311","volume":"34","author":"M Woods","year":"2016","unstructured":"Woods M, Paulus T, Atkins DP, Macklin R (2016) Advancing qualitative research using qualitative data analysis software (QDAS)? Reviewing potential versus practice in published studies using ATLASt.i and NVivo 1994\u20132013. Soc Sci Comput Rev 34(5):597\u2013617. https:\/\/doi.org\/10.1177\/0894439315596311","journal-title":"Soc Sci Comput Rev"},{"key":"683_CR128","doi-asserted-by":"publisher","DOI":"10.1201\/9781315568935","volume-title":"Behind human error","author":"DD Woods","year":"2017","unstructured":"Woods DD, Dekker S, Cook R, Johannesen L, Sarter N (2017) Behind human error. CRC Press"},{"key":"683_CR129","first-page":"557","volume":"31","author":"E Yaghmaei","year":"2020","unstructured":"Yaghmaei E, van de Poel I (2020) CANVAS Project White Paper 1 \u2013 Cybersecurity and Ethics. Retrieved from Wilson, J. R. (2000). Fundamentals of ergonomics in theory and practice. Appl Ergon 31:557\u2013567","journal-title":"Appl Ergon"},{"key":"683_CR130","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1016\/j.ijhcs.2019.05.005","volume":"131","author":"V Zimmermann","year":"2019","unstructured":"Zimmermann V, Renaud K (2019) Moving from a \u2018human-as-problem\u201d to a \u2018human-as-solution\u201d cybersecurity mindset. Int J Hum Comput Stud 131:169\u2013187","journal-title":"Int J Hum Comput Stud"},{"key":"683_CR131","doi-asserted-by":"publisher","first-page":"65","DOI":"10.7250\/csimq.2019-18.04","volume":"18","author":"E Zoto","year":"2019","unstructured":"Zoto E, Kianpour M, Kowalski SJ, Lopez-Rojas EA (2019) A socio-technical systems approach to design and support systems thinking in cybersecurity and risk management education. Complex Syst Inform Model Quarterly CSIMQ 18:65\u201375. https:\/\/doi.org\/10.7250\/csimq.2019-18.04","journal-title":"Complex Syst Inform Model Quarterly CSIMQ"}],"container-title":["Cognition, Technology &amp; Work"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10111-021-00683-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10111-021-00683-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10111-021-00683-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,26]],"date-time":"2022-04-26T10:16:58Z","timestamp":1650968218000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10111-021-00683-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,11]]},"references-count":131,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,5]]}},"alternative-id":["683"],"URL":"https:\/\/doi.org\/10.1007\/s10111-021-00683-y","relation":{},"ISSN":["1435-5558","1435-5566"],"issn-type":[{"value":"1435-5558","type":"print"},{"value":"1435-5566","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,6,11]]},"assertion":[{"value":"6 January 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 May 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 June 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no conflicts of interest to disclose.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest"}}]}}