FROM AWARENESS TO MANAGEMENT: THE CONCEPT OF HUMAN RISKS IN CYBER SECURITY SYSTEMS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2025.30.895

Keywords:

information protection; cybersecurity; human factor; information system; information technologies.

Abstract

The authors note that, despite the war in Ukraine, society has adapted to the era of information technology, computerization, and automation, and digitalization now encompasses all aspects of human life. The "state in a smartphone" concept is increasingly being implemented in various public services for the population. Social services are actively transforming and are even being applied in the military sphere. However, as digitalization grows, countermeasures are needed to strengthen information security and cybersecurity, primarily because of the human factor.

The purpose of the article is to study the psychological and pedagogical problem of the human factor in ensuring information security and cybersecurity.

Research results. The problem of human risk in professional activity is not new. Professional psychology theory has studied the human factor, the patterns and individual factors that influence professional activity, and its impact on the results of that activity. In the age of information technology, the human factor is a source of new, previously unseen threats. As modern practice shows, in hybrid warfare the enemy obtains up to 90% of information through social engineering, receiving via social networks (Facebook, Telegram channel, Instagram, WhatsApp, Meta, YouTube) valuable information that was transmitted through careless conversations. That is why experienced global cybersecurity teams have been thinking about how to reduce human risk in information systems in order to maintain information protection and cybersecurity. This is how the theory of human risk management began, a concept that is established as a separate category, independent of security awareness training. Human resource management promises to deliver a greater return on investment than any other strategic security initiative.
The results of the study clearly show the need to implement “human risk management.” Human risk management should focus on results, not just compliance, and quantify the risk associated with human behavior. The theoretical and practical results obtained in the course of scientific research form the basis for further study of various aspects of this issue.

Published

2025-10-26

How to Cite

Kozubtsova, L., Lishchyna, V., & Kozubtsov, I. (2025). FROM AWARENESS TO MANAGEMENT: THE CONCEPT OF HUMAN RISKS IN CYBER SECURITY SYSTEMS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 2(30), 360–373. https://doi.org/10.28925/2663-4023.2025.30.895
