This article evaluates the NCSC’s Cybersecurity Risk Management Guidance through the lens of human factors and cyber psychology. While the framework excels in technical prevention, it falls short in addressing the human elements crucial to recovery, such as morale, stress, and organisational culture. Recommendations include integrating resilience-focused metrics, adapting attack trees for human-centric scenarios, balancing prevention with recovery, and leveraging cyber psychology insights. These enhancements would align the guidance with the realities of human behaviour, creating a more effective and comprehensive approach to cyber risk management.
Continue reading “Human Factors and Cyber Psychology Applied to the NCSC’s Guidance on Risk Management”Human Factors and Cyber Psychology Applied to the NCSC’s Guidance on Risk Management
