A Human-centric Approach
“The term cyber security is not unambiguous. The European Union Agency of Cybersecurity’s (ENISA) report, “Definition of Cybersecurity Gaps and Overlaps in Standardisation,” reveals the term’s different meanings among international standards institutions. It refers to the “confidentiality, integrity and availability of information” in cyberspace (the International Organization for Standardization — ISO); to “the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets” (the International Telecommunication Union — ITU); or to “the ability to protect or defend the use of cyberspace from cyberattacks” (the U.S. National Institute of Standards and Technology — NIST). These different perspectives place great importance on protecting information and networks and are occasionally restricted to threats that come from the internet (NIST) or are open to embrace other types of threats (ITU).
We acknowledge these various definitions, but we believe that cyber security goes well beyond information security. Events such as the Cambridge Analytica scandal show that cyber security must address societal vulnerabilities presented by changes in the way individuals communicate, consume information and act...”
Excerpt from Pedro Xavier Mendonça et al., “A Human-centric Approach,” per Concordiam: Journal of European Security Defense Issues 10, No. 4, 2021: 16-19.
Dr. Pedro Xavier Mendonça is a consultant at the Portuguese National Cybersecurity Centre, where he is the coordinator of the Cybersecurity Observatory and collaborates in the Awareness and Training Program, as well as a researcher and professor. His research focuses on social studies of technology, with an emphasis on the relationship between technological development and communication and users. His recent work examines the role of human behavior in cyber security.
Daniela Santos is a doctoral student in public policy and is dedicated to the study of cyber security. She is a member of the Reflection Group on Cyber Resilience at the National Defence Institute. Since 2018, she has served as the Cybersecurity Awareness and Training project manager at the Portuguese National Cybersecurity Centre.
Isabel Baptista is the Development and Innovation Department coordinator of the Portuguese National Cybersecurity Centre. She holds a master’s degree in Information Security and Cyberspace Law, for which she developed a dissertation on the human factor in cyber security. For many years she was an IT trainer in public schools as well as in the private sector. In recent years, her main activities have been focused on raising awareness of the importance of cyber security by training citizens and organizations.
Dr. Lino Santos is the head of the Portuguese National Cybersecurity Centre and an appointed member of the board of directors of the European Agency for Cybersecurity. He was previously the director for security and users’ services at the National Foundation for Scientific Computing. He holds certifications in managing computer security incident response teams from Carnegie Mellon University and from the Marshall Center’s Program on Cyber Security Studies.
This article reflects the views of the author and does not necessarily reflect the official policy of the United States, Germany, or any other government.