About

Sociotechnical aspects of cybersecurity considers the human element that interacts with the technological for the creation, maintenance, and operation of cybersecurity. STC includes organizational, economic, social, legal, educational, psychological, political, policy, cultural, ecosystem, and other approaches engaging the human and technology interactions needed to secure the space, infrastructure, people and systems within the cyber environment.

Purely technical solutions to cybersecurity are insufficient as they do not wholly account for the complex range of users and environments those solutions must address. The U.S. 2016 federal cybersecurity R&D strategic plan named sociotechnical approaches as the path forward for the cybersecurity of systems and infrastructure. The plan called further investigations of STC research, transition to practice, and workforce development

In the STC name, we bridge two fields of study–sociotechnical studies and cybersecurity studies. For a primer on the sociotechnical space, we recommend Sawyer & Jarrahi (2014) Sociotechnical approaches to the study of Information Systems (pdf). For cybersecurity grounding, we recommend Craigen et al. (2014) Defining Cybersecurity (pdf).