Edinburgh Napier University

  There continue to be numerous breaches publicised pertaining to cybersecurity despite security practices being applied within industry for many years. This paper is intended to be the first in a number of papers as research into cybersecurity assurance processes. This paper is compiled based on current research related to cybersecurity assurance and the impact of the human element on it. The objective of this work is to identify elements of cybersecurity that would benefit from further research and development based on the literature review findings. The results outlined in this paper present a need for the cybersecurity field to look in to established industry areas to benefit from effective practices such as human reliability assessment, along with improved methods of validation such as statistical quality control in order to obtain true assurance. The paper proposes the development of a framework that will be based upon defined and repeatable quantification, specifically relating to the range of human aspect tasks that provide or are intended not to negatively affect cybersecurity assurance.