Multi-method Approach to Human Expertise, Automation, and Artificial Intelligence for Vulnerability Management: Investigation of Challenges and Emerging Tensions

Mehdi Saadallah*, Abbas Shahim, Svetlana Khapova

*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Fast-growing digital trends have driven growth in the threat landscape of cyber-attacks, pushing unprecedented burdens on organizations to manage vulnerabilities effectively. This study investigated two years of complex relationships between human expertise and technological solutions in the domain of cybersecurity vulnerability management (VM) for a leading fast-moving consumer goods (FMCG) company operating internationally in multiple countries, leveraging both on-premises and cloud infrastructure. This study introduces the tensions arising from this duality. Rooted in sociotechnical systems theory (STS), actor-network theory (ANT), and resource-based view (RBV), this research bridges the gap between technological reliance and human interpretative skills, which are two dominant but often disconnected aspects of VM. This paper highlights the benefit of VM that results from a symbiotic relationship between humans and technology, emphasizing how artificial intelligence (AI) and automation can mitigate the limitations of human-centric approaches and how humans can address the technological contextual limitations, resulting in a win-win approach. The findings set the orientation for a nascent stream of academic research on the relationship between humans and AI in vulnerability management.

Original languageEnglish
Title of host publicationICT Systems Security and Privacy Protection
Subtitle of host publication39th IFIP International Conference, SEC 2024, Edinburgh, UK, June 12–14, 2024, Proceedings
EditorsNikolaos Pitropakis, Sokratis Katsikas, Steven Furnell, Konstantinos Markantonakis
PublisherSpringer Science and Business Media Deutschland GmbH
Pages410-422
Number of pages13
ISBN (Electronic)9783031651755
ISBN (Print)9783031651748, 9783031651779
DOIs
Publication statusPublished - 2024
Event39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024 - Edinburgh, United Kingdom
Duration: 12 Jun 202414 Jun 2024

Publication series

NameIFIP Advances in Information and Communication Technology
Volume710
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

Conference39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024
Country/TerritoryUnited Kingdom
CityEdinburgh
Period12/06/2414/06/24

Bibliographical note

Publisher Copyright:
© IFIP International Federation for Information Processing 2024.

Keywords

  • ANT
  • artificial intelligence
  • automation
  • cybersecurity tensions
  • Human aspects of security
  • RBV
  • STS
  • technology versus human expertise
  • vulnerability management

Fingerprint

Dive into the research topics of 'Multi-method Approach to Human Expertise, Automation, and Artificial Intelligence for Vulnerability Management: Investigation of Challenges and Emerging Tensions'. Together they form a unique fingerprint.

Cite this