Integrating Cultural Factors into Human Factors Framework and Ontology for Cyber Attackers

The multiple types of culture (e.g. national, social, religious, ethnic, geographic, organizational) that influence human behavioral characteristics and interactions also affect how humans interact with technology and the Internet. In an effort to further understand (and measure) how human factors influence cybersecurity risk, we propose incorporating individuals’ national culture within the human factors framework component of our holistic cybersecurity risk assessment framework. The justification for this inclusion of national culture into the framework results from Nisbett’s, Heinrich’s, and Hofstede’s work with culture and cognition along with Sample’s work with culture and cyber. Culture is a key factor with respect to the human element that has been understudied in cybersecurity risk literature. By identifying the critical culture metrics and integrating them within the Human Factors Framework and Ontology developed for identifying cybersecurity risk assessment metrics for modeling to facilitate additional experimentation.