Robert W Proctor (1), Jing Chen (2)
(1) Purdue University, West Lafayette, Indiana, USA; proctor@psych.purdue.edu
(2) Purdue University, West Lafayette, Indiana, USA
Abstract
OBJECTIVE: The overarching goal is to convey the concept of science of security and the contributions that a scientifically based, human factors approach can make to this interdisciplinary field.

BACKGROUND: Rather than a piecemeal approach to solving cybersecurity problems as they arise, the U.S. government is mounting a systematic effort to develop an approach grounded in science. Because humans play a central role in security measures, research on security-related decisions and actions grounded in principles of human information-processing and decision-making is crucial to this interdisciplinary effort.

METHOD: We describe the science of security and the role that human factors can play in it, and use two examples of research in cybersecurity--detection of phishing attacks and selection of mobile applications--to illustrate the contribution of a scientific, human factors approach.

RESULTS: In these research areas, we show that systematic information-processing analyses of the decisions that users make and the actions they take provide a basis for integrating the human component of security science.

CONCLUSION: Human factors specialists should utilize their foundation in the science of applied information processing and decision making to contribute to the science of cybersecurity.