Developing Human-Centric Informational Security

Authors

Jonathon W. Penney, Osgoode Hall Law School of York UniversityFollow

Author ORCID Identifier

Jonathon Penney: 0000-0001-9570-0146

Document Type

Book Chapter

Publication Date

2025

Source Publication

Laidlaw, Emily B.; Martin-Bariteau, Florian, eds. The security of self : a human-centric approach to cybersecurity. University of Ottawa Press, 2025

Abstract

Disinformation and information manipulation are widely seen as an urgent threat to democracy, but less often as a cybersecurity threat. Historically, disinformation has rarely been included in lists of recognized threats in cybersecurity manuals and appendices of global standards organizations and only recently has disinformation been approached as a cybersecurity threat, with only a handful of works offering a more focused and systematic discussion on this point. This chapter aims to help fill this void by arguing not only that disinformation and information manipulation is a cybersecurity threat, but that the present predominant cybersecurity paradigm is largely inadequate to address it. Instead, a human-centric approach to cybersecurity, one that centres humans as the objects of security—“security of the self”—should be adopted to address disinformation and information manipulation. However, human-centric approaches are themselves relatively new and underdeveloped, and there is little consensus in the field about what is required. This chapter argues that human-centric cybersecurity need not be monolithic, and different conceptualizations can be employed for different threats and contexts. To that end, a framework for human-centric cybersecurity is set out that addresses disinformation threats centred on user protection and safety, integrates psychological and behavioural factors—the human costs of information manipulation— and is broad enough to encompass robust structural law and policy reforms. Lastly, this chapter offers recommendations for operationalizing human-centric informational security, including that rights-based conceptualizations of human-centric cybersecurity should be avoided when operationalizing as policy to reduce gridlock and inaction due to competing rights claims. Instead, a duty of care or consumer protection frameworks are more likely to see success.

Comments

"Creative Commons Open Access Licence Attribution-Non-Commercial-Share Alike 4.0 International (CC BY-NC-ND 4.0)"

Repository Citation

Penney, Jonathon W., "Developing Human-Centric Informational Security" (2025). Articles & Book Chapters. 3392.
https://digitalcommons.osgoode.yorku.ca/scholarly_works/3392

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 4.0 License.