Cyber-Security Culture: Psychological and Legal Aspects

Digitalization has become part and parcel of the modern-day human activities. Nowadays it is going into every field of business and personal life. To develop and prosper, most organizations need IT systems, and hence to take the safeguarding of their informational assets seriously. Many of the processes which are essential for securing their IT assets, largely depend on human interaction. This study has attempted to address the culture of cyber-security in the light of psychology and law. The results of the research showed that from the psychological standpoint, the culture of cyber-security involves the willingness on the part of a modern human to overcome the digital expansion by mastering the tools for countering the negative IT factors. In its turn, from the legal standpoint, the culture of cyber-security is based on the legislative framework which regulates the legal relations in the field of cyber-security.

1. Begishev I.R. Sindrom bezopasnoj ataki: juridiko-psihologicheskij fenomen [Safe attack syndrome: a legal and psychological phenomenon]. Juridicheskaja psihologija [Legal psychology], 2018, no. 2, pp. 27—30. (In Russ., Abstr. in Engl.).
2. Begishev I.R., Khisamova Z.I., Nikitin S.G. Organizacija hakerskogo soobshhestva: kriminologicheskij i ugolovno-pravovoj aspekty [Organization of the hacker community: criminological and criminal-legal aspects]. Vserossijskij kriminologicheskij zhurnal [Russian Journal of Criminology], 2020, Vol. 14, no. 1, pp. 96—105. doi:10.17150/2500- 4255.2020.14(1).96-105 (In Russ., Abstr. in Engl.).
3. Begishev I.R., Bikeev I.I. Prestuplenija v sfere obrashhenija cifrovoj informacii [Crimes in the sphere of digital information circulation]. Kazan: Kazan Innovation University Publ., 2020. 300 p.
4. Bovina I.B., Dvoryanchikov N.V., Budykin S.V. Informacionnaja bezopasnost' detej v obydennom ponimanii roditelej i uchitelej [Information security of children in the everyday understanding of parents and teachers]. Vestnik Rossijskogo universiteta druzhby narodov. Serija: Psihologija i pedagogika [Bulletin of the Russian University of peoples ' friendship. Series: Psychology and pedagogy], 2016, no. 1, pp. 77—86. (In Russ., Abstr. in Engl.).
5. Bovina I.B., et al. Social'nye predstavlenija i informacionnaja bezopasnost' detej i podrostkov: tochka zrenija uchitelej (Chast' 1) [Elektronnyi resurs] [Social representations and information security of children and adolescents: the point of view of teachers (Part 1)]. Psikhologiia i pravo [Psychology and Law], 2017, Vol. 7, no. 1, pp. 1—12. doi:10.17759/psylaw.2017070101 (In Russ., Abstr. in Engl.).
6. Bovina I.B., et al. Social'nye predstavlenija i informacionnaja bezopasnost' detej i podrostkov: tochka zrenija uchitelej (Chast' 2) [Elektronnyi resurs] [Social representations and information security of children and adolescents: the point of view of teachers (Part 2)]. Psikhologiia i pravo [Psychology and Law], 2017, Vol. 7, no. 2, pp. 19—32. doi:10.17759/psylaw.2017060202 (In Russ., Abstr. in Engl.).
7. Bovina I.B., et al. Social'nye predstavlenija i informacionnaja bezopasnost' detej i podrostkov: tochka zrenija uchitelej (Chast' 3) [Elektronnyi resurs] [Social representations and information security of children and adolescents: the point of view of teachers (Part 3)]. Psikhologiia i pravo [Psychology and Law], 2017, Vol. 7, no. 3, pp. 138—148. doi:10.17759/psylaw.2017070311 (In Russ., Abstr. in Engl.).
8. Bovina I.B., Dvoryanchikov N.V., Budykin S.V. Informacionnaja bezopasnost' detej i podrostkov v ponimanii roditelej i uchitelej (Ch. 1. Postanovka problemy) [Elektronnyi resurs] [Information security of children and adolescents in the understanding of parents and teachers (Part 1. Statement of the problem)]. Psikhologiia i pravo [Psychology and Law], 2015, Vol. 5, no. 3, pp. 1—13. doi:10.17759/psylaw.2015050301 (In Russ., Abstr. in Engl.).
9. Borisova E.S., Belousov A.L. Innovacii kak instrument obespechenija informacionnoj bezopasnosti i povyshenija jeffektivnosti dejatel'nosti bankovskoj sistemy [Elektronnyi resurs] [Innovations as a tool for ensuring information security and improving the efficiency of the banking system]. Aktual'nye problemy jekonomiki i prava [Actual Problems of Economics and Law], 2019, Vol. 13, no. 3, pp. 1330—1342. doi:10.21202/1993-047X.13.2019.3.1330-1342 (In Russ., Abstr. in Engl.).
10. Budykin S. V. Informacionnaja bezopasnost' detej i podrostkov v sovremennom mire: psihologicheskie aspekty problemy [Information security of children and adolescents in the modern world: psychological aspects of the problem]. Juridicheskaja psihologija [Legal psychology], 2017, no. 1, pp. 13—24. (In Russ., Abstr. in Engl.).
11. Budykin S.V., Dvoryanchikov N.V., Bovina I.B. Informacionnaja bezopasnost' detej i podrostkov v predstavlenijah roditelej [Elektronnyi resurs] [Information security of children and adolescents in the representations of parents]. Psihologicheskaja nauka i obrazovanie [Psychological science and education], 2016, Vol. 8, no. 4, pp. 117—126. doi:10.17759/psyedu.2016080412 (In Russ., Abstr. in Engl.).
12. Budykin S.V., Dvoryanchikov N.V., Bovina I.B. Informacionnaja bezopasnost' detej i podrostkov v ponimanii roditelej i uchitelej )] [Elektronnyi resurs] (Ch. 2. Rezul'taty jempiricheskogo issledovanija) [Information security of children and adolescents in the understanding of parents and teachers (Part 2. Results of empirical research. Psikhologiia i pravo [Psychology and Law], 2016, Vol. 6, no. 1, pp. 25—38. doi:10.17759/psylaw.2016060104 (In Russ., Abstr. in Engl.).
13. Budykin S.V. Informacionnaja bezopasnost' detej i podrostkov v sovremennom mire: psihologicheskie aspekty problemy [Elektronnyi resurs] [Information security of children and adolescents in the modern world: psychological aspects of the problem]. Psikhologiia i pravo [Psychology and Law], 2017, Vol. 7, no. 1, pp. 13—24. doi:10.17759/psylaw.2017070102 (In Russ., Abstr. in Engl.).
14. Dvoryanchikov N.V., et al. Informacionnaja bezopasnost' detej i podrostkov: juridicheskie i psihologicheskie aspekty problemy [Information security of children and adolescents: legal and psychological aspects of the problem]. Juridicheskaja psihologija [Legal psychology], 2016, no. 1, pp. 31—35. (In Russ., Abstr. in Engl.).
15. Kuznetsova Yu.M., Chudova N.V. Psihologija zhitelej Interneta [Psychology of Internet users]. Moscow: LKI Publ., 2008. 224 p.
16. Kulemina A.E. Osobennosti formirovanija kul'tury informacionnoj bezopasnosti v federal'nyh organah gosudarstvennoj vlasti [Features of formation of information security culture in Federal state authorities]. In. Proceedings of the conference of young scientists, vol. 6, Information technology. Saint-Petersburg: ITMO University Publ., 2009. 707 p.
17. Manzi D.S. Upravlenie rynkom dezinformacii: pervaja popravka i bor'ba protiv fejkovyh novostej [Managing the disinformation market: the first amendment and the fight against fake news]. Aktual'nye problemy jekonomiki i prava [Actual Problems of Economics and Law], 2020, Vol. 14, no. 1, pp. 141—163. doi:10.21202/1993-047X.14.2020.1.141-163 (In Russ., Abstr. in Engl.).
18. Sokolova M.V., Dozortseva E.G. Sklonnost' k autoagressivnomu povedeniju u podrostkov i informacija, potrebljaemaja imi v Internete [Elektronnyi resurs] [Propensity to autoagressive behavior in adolescents and information consumed by them on the Internet]. Psikhologiia i pravo [Psychology and Law], 2019, Vol. 9, no. 1, pp. 22—35. doi:10.17759/psylaw.2019090102 (In Russ., Abstr. in Engl.).
19. Chebotareva A.A. Obespechenie informacionnoj bezopasnosti lichnosti v Internete: istorija i problemy razvitija zakonodatel'stva [Ensuring information security of the individual on the Internet: history and problems of legislation development]. Istorija gosudarstva i prava [History of the state and law], 2010, no. 11, pp. 30—33. (In Russ., Abstr. in Engl.).
20. Shpagina E.M., Chirkina R.V. Kompetentnost' pedagogov i psihologov v oblasti informacionnoj bezopasnosti detej [Elektronnyi resurs] [Competence of teachers and psychologists in the field of information security of children]. Psikhologiia i pravo [Psychology and Law], 2019, Vol. 9, no. 3, pp. 261—277. doi:10.17759/psylaw.2019090319 (In Russ., Abstr. in Engl.).
21. Shpagina E.M. Informacionnaja bezopasnost' v kontekste zashhity prav detej v Rossijskoj Federacii [Elektronnyi resurs] [Information security in the context of protection of children's rights in the Russian Federation]. Psikhologiia i pravo [Psychology and Law], 2016, Vol. 6, no. 4, pp. 86—94. doi:10.17759/psylaw.2016060409 (In Russ., Abstr. in Engl.).
22. Ahmad Z., et al. Security monitoring and information security assurance behaviour among employees: An empirical analysis. Information and Computer Security, 2019, Vol. 27, no. 2, pp. 165—188. doi:10.1108/ICS-10-2017-0073
23. Algarni M., Almesalm S., Syed M. Towards Enhanced Comprehension of Human Errors in Cybersecurity Attacks. International Conference on Applied Human Factors and Ergonomics. Advances in Human Error, Reliability, Resilience, and Performance, 2018, Vol. 778, pp. 163—175. doi:10.1007/978-3-319-94391-6_16
24. Al Hogail A., Mirza A. Information security culture: A definition and a literature review. World Congress on Computer Applications and Information Systems, 2014, pp. 1—7. doi:10.1109/WCCAIS.2014.6916579
25. Beena A.L., Dr. Humayoon Kabir S. Information Security Insider Threats in Organizations and Mitigation Techniques. International Conference on Recent Advances in Energy-efficient Computing and Communication, 2019, pp. 1—4. doi:10.1109/ICRAECC43874.2019.8995088
26. Bovina I.B., Dvoryanchikov N.V., Budykin S.V. Shared meaning about information security of children: an exploratory study. Procedia - Social and Behavioral Sciences, 2014, Vol. 146, pp. 94—98.
27. Corradini I., Nardelli E. Building Organizational Risk Culture in Cyber Security: The Role of Human Factors. International Conference on Applied Human Factors and Ergonomics. Advances in Human Factors in Cybersecurity, 2019, Vol. 782, pp. 193—202. doi:10.1007/978-3-319-94782-2_19
28. Corradini I., Nardelli E. Social Engineering and the Value of Data: The Need of Specific Awareness Programs. International Conference on Applied Human Factors and Ergonomics. Advances in Human Factors in Cybersecurity, 2020, Vol. 960, pp. 59—65. doi:10.1007/978-3-030-20488-4_6
29. Da Veiga A., et al. Defining organisational information security culture — Perspectives from academia and industry. Computers & Security, 2020, Vol. 92, art. 101713. doi:10.1016/j.cose.2020.101713
30. Da Veiga A., Martins N. Information security culture and information protection culture: A validated assessment instrument. Computer Law & Security Review, 2015, Vol. 31, iss. 2, pp. 243—256. doi:10.1016/j.clsr.2015.01.005
31. Glaspie H.W., Karwowski W. Human Factors in Information Security Culture: A Literature Review. International Conference on Applied Human Factors and Ergonomics. Advances in Human Factors in Cybersecurity, 2017, Vol. 593, pp. 269—280. doi:10.1007/978-3-319-60585-2_25
32. Halevi T., et al. Cultural and psychological factors in cyber-security. Proceedings of the 18th International Conference on Information Integration and Web-based Applications and Services, 2016, pp. 318—324. doi:10.1145/3011141.3011165
33. Kennedy S.E. The pathway to security - mitigating user negligence. Information and Computer Security, 2016, Vol. 24, iss. 3, pp. 255—264. doi:10.1108/ICS-10-2014-0065
34. Martins A., Elofe J. Information Security Culture. Security in the Information Society. IFIP Advances in Information and Communication Technology, 2002, Vol. 86, pp. 203—214. doi:10.1007/978-0-387-35586-3_46
35. McCormac A., et al. Features of Manipulative Behavior in Operational Officers’ Professional Activity. Computers in Human Behavior, 2017, Vol. 69, pp. 151—156. doi:10.1016/j.chb.2016.11.065
36. Nasir A., et al. An analysis on the dimensions of information security culture concept: A review. Journal of Information Security and Applications, 2019, Vol. 44, pp. 12—22. doi:10.1016/j.jisa.2018.11.003
37. Okere I., Van Niekerk J.F., Carroll M. Assessing information security culture: A critical analysis of current approaches. Information Security for South Africa, 2012, pp. 1—8. doi:10.1109/ISSA.2012.6320442
38. Parsons K.M., et al. The Influence of Organizational Information Security Culture on Information Security Decision Making. Journal of Cognitive Engineering and Decision Making, 2015, Vol. 9, no. 2, pp. 117—129. doi:10.1177/1555343415575152
39. Ramachandran S., Rao S.V., Goles T. Information Security Cultures of Four Professions: A Comparative Study. Proceedings of the 41st Annual Hawaii International Conference on System Sciences, 2008, pp. 454—454. doi:10.1109/HICSS.2008.201
40. Schlienger T., Teufel S. Information Security Culture. The Socio-Cultural Dimension in Information Security Management. Security in the Information Society. IFIP Advances in Information and Communication Technology, 2002, Vol. 86, pp. 191—201. doi:10.1007/978-0-387-35586-3_46
41. Tang M., Li M., Zhang T. The impacts of organizational culture on information security culture: a case study. Information Technology and Management, 2016, Vol. 17, no. 2, pp. 179—186. doi:10.1007/s10799-015-0252-2
42. Thomson K., Van Niekerk J.F. Combating information security apathy by encouraging prosocial organisational behavior. Information Management & Computer Security, 2012, Vol. 20, no. 1, pp. 39—46. doi:10.1108/09685221211219191
43. Van Niekerk J.F., Von Solms R. Information security culture: A management perspective. Computers & Security, 2010, Vol. 29, no. 4, pp. 476—486. doi:10.1016/j.cose.2009.10.005
44. Wiley A., McCormac A., Calic D. More than the individual: Examining the relationship between culture and Information Security Awareness. Computers & Security, 2020, Vol. 88, art. 101640. doi:10.1016/j.cose.2019.101640
45. Zhumagaliyeva B., Barabanova E. Features of Manipulative Behavior in Operational Officers’ Professional Activity. Procedia — Social and Behavioral Sciences, 2017, Vol. 140, pp. 9—14. doi:10.1016/j.sbspro.2014.04.379