Abstract
Fast-growing digital trends have driven growth in the threat landscape of cyber-attacks, pushing unprecedented burdens on organizations to manage vulnerabilities effectively. This study investigated two years of complex relationships between human expertise and technological solutions in the domain of cybersecurity vulnerability management (VM) for a leading fast-moving consumer goods (FMCG) company operating internationally in multiple countries, leveraging both on-premises and cloud infrastructure. This study introduces the tensions arising from this duality. Rooted in sociotechnical systems theory (STS), actor-network theory (ANT), and resource-based view (RBV), this research bridges the gap between technological reliance and human interpretative skills, which are two dominant but often disconnected aspects of VM. This paper highlights the benefit of VM that results from a symbiotic relationship between humans and technology, emphasizing how artificial intelligence (AI) and automation can mitigate the limitations of human-centric approaches and how humans can address the technological contextual limitations, resulting in a win-win approach. The findings set the orientation for a nascent stream of academic research on the relationship between humans and AI in vulnerability management.
Original language | English |
---|---|
Title of host publication | ICT Systems Security and Privacy Protection |
Subtitle of host publication | 39th IFIP International Conference, SEC 2024, Edinburgh, UK, June 12–14, 2024, Proceedings |
Editors | Nikolaos Pitropakis, Sokratis Katsikas, Steven Furnell, Konstantinos Markantonakis |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 410-422 |
Number of pages | 13 |
ISBN (Electronic) | 9783031651755 |
ISBN (Print) | 9783031651748, 9783031651779 |
DOIs | |
Publication status | Published - 2024 |
Event | 39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024 - Edinburgh, United Kingdom Duration: 12 Jun 2024 → 14 Jun 2024 |
Publication series
Name | IFIP Advances in Information and Communication Technology |
---|---|
Volume | 710 |
ISSN (Print) | 1868-4238 |
ISSN (Electronic) | 1868-422X |
Conference
Conference | 39th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2024 |
---|---|
Country/Territory | United Kingdom |
City | Edinburgh |
Period | 12/06/24 → 14/06/24 |
Bibliographical note
Publisher Copyright:© IFIP International Federation for Information Processing 2024.
Keywords
- ANT
- artificial intelligence
- automation
- cybersecurity tensions
- Human aspects of security
- RBV
- STS
- technology versus human expertise
- vulnerability management