A Basic Set of Mental Models for Understanding and Dealing with the CyberSecurity Challenges of Today

Abstract

For most people, cybersecurity is a difficult notion to grasp. Traditionally, cybersecurity has been considered a technical challenge, and still many specialists understand it as information security, with the notions of confidentiality, integrity, and availability as its foundation. Although many have searched for different and broader perspectives, the complexity and ambiguity of the notion still thwarts a common understanding. While the author was developing and executing a MSc cybersecurity program for professionals with a wide variety of backgrounds and widely differing views on cybersecurity, the lack of a common understanding of cybersecurity was clearly evident. Based on these observations, the author began seeking and defining a new, transdisciplinary conceptualization of cybersecurity that can be widely agreed upon. It resulted in the publication of three scientific papers. This paper is an amalgam of the contents of the three supplemented with some extensions. It turned out that the previously introduced description of two key notions, cyberspace and cybersecurity, is still an adequate starting point. Described here is a set of additional mental models elaborating on these key notions and providing more detail on their meanings. The research suggests that this set of mental models strongly supports the description and analysis of current cybersecurity challenges and helps people understand how everyone, in his or her various roles, can contribute to reducing the related cyber risks. These claims are supported by presenting the modeling and analysis approaches of various MSc-thesis research projects executed by students when working on practical cybersecurity problems both within and outside their organisations. The author further discovered that, for a limited set of cybersecurity challenges, it was not yet possible to identify adequate mental models; this defines the agenda for future research.