Title: Proceduralization in Cybersecurity: A Socio-Technical Systems Perspective

Issue Number: Vol. 9, No. 3
Year of Publication: Sep - 2020
Page Numbers: 126-138
Authors: John W. Coffey
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002660


Cyberdefense is a difficult, multifaceted endeavor involving humans and technology. Complex Sociotechnical Systems (CSTS) theory espouses simultaneous optimization of both human behavior and systems, and holds that optimization of one without sufficient consideration of the other leads to a suboptimal final result. Many tasks in modern society are amenable to proceduralization – the process of defining a set procedure to perform normal activities and particularly, to deal with anomalous conditions. The purpose of this work is to elaborate the concept of CSTS in the context of cybersecurity, and then to explore proceduralization of cybersecurity work in that context. It describes an ethnographic study on proceduralization in cybersecurity with the goal of defining areas where established procedures are useful and where they are less so. The work reports on a case study that was performed at a mid-sized public university in the United States.