The Psychology of Security
By: Ryan West
Increase in Research on Security Psychology
Over the last decade there has been a tremendous increase in awareness of, and research into, how users interact with security mechanisms.
It is important to understand how users evaluate security and make decisions about it.
When Risk is not a Risk
Non-acceptance of security tools is a major problem facing the information security world.
Why? Users do not think they are at risk
People believe they are less vulnerable than others: "That will never happen to me."
Risk homeostasis: applied to security, as protective measures increase, users are likely to increase their risky behavior as well.
Users aren't stupid, they're unmotivated: humans favor quick solutions, which accounts for why users do not read all of the text in a security dialog or consider the consequences of their decisions.
Why? Safety is an abstract concept
Outcomes that are abstract are less enticing. The pro-security choice has no visible outcome, so it is not satisfying to the user.
Feedback and learning from security-related decisions: there is no instant reinforcer to shape behavior. When a user makes a pro-security decision, the only "reinforcement" is that bad things become less likely to happen.
Why? Evaluating the security/cost trade-off
Users weigh the possible gain (security) against the possibility that nothing bad would have happened anyway, making a trade-off between risk, losses, and gains.
Users are more likely to gamble on a loss than to accept a guaranteed loss.
Why? Security as a secondary task
Users focus on losses that affect their immediate goal; a pro-security decision is least likely to be made when the user is occupied with something else.
Losses are perceived disproportionately to gains, so the user must perceive a greater amount of gain than loss. The cost of security may be minimal, but that loss can still be judged worse than the gain in safety.
Improving Security Compliance
Reward pro-security behavior. Example: antivirus or antispyware products that find and remove malicious code.
Improve awareness of risk. One issue with security systems is their messages and alerts: they don't stand out from other computer messages.
Improving Security Compliance
Catch corporate security policy violators: systems with good auditing could "catch" individuals who make poor security decisions and notify them.
Reduce the cost of implementing security: employ secure default settings, since most users never change them.
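As an added illustration of these two recommendations (this is example code written for this page, not code from the presentation or from West's article), the following Python module makes the secure setting the default, requires a named user and a stated reason before a control can be weakened, and records every weakening override in an audit log that can later be queried for the users who most often opt out. The class and function names, the four settings, and the sample session in the `__main__` block are all assumptions chosen for the example.

```python
"""Secure-by-default settings with audited opt-outs (illustrative example)."""
from collections import Counter
from dataclasses import dataclass, fields, replace
from datetime import datetime, timezone
from typing import Any, List


@dataclass(frozen=True)
class Settings:
    """Product settings. Each default is the secure choice, because most
    users never change what ships enabled. (Assumed setting names.)"""
    verify_tls: bool = True          # reject certificates that fail validation
    allow_macros: bool = False       # documents cannot run embedded code
    auto_update: bool = True         # patches install without asking
    min_password_length: int = 12    # shorter values are weaker


SECURE_DEFAULTS = Settings()


def is_weaker(name: str, value: Any) -> bool:
    """True when `value` moves `name` away from its secure default.
    Booleans are weaker when flipped; the integer is weaker when lowered."""
    default = getattr(SECURE_DEFAULTS, name)
    if isinstance(default, bool):
        return value != default
    return value < default


@dataclass(frozen=True)
class AuditEntry:
    when: str
    user: str
    setting: str
    old: Any
    new: Any
    reason: str


class AuditLog:
    """Append-only record of every weakening override and who made it."""

    def __init__(self) -> None:
        self.entries: List[AuditEntry] = []

    def record(self, user: str, setting: str, old: Any, new: Any, reason: str) -> None:
        stamp = datetime.now(timezone.utc).isoformat()
        self.entries.append(AuditEntry(stamp, user, setting, old, new, reason))

    def violators(self, threshold: int = 1) -> List[str]:
        """Users who weakened at least `threshold` settings, most frequent first."""
        counts = Counter(entry.user for entry in self.entries)
        return [user for user, n in counts.most_common() if n >= threshold]


def override(settings: Settings, audit: AuditLog, user: str, reason: str,
             **changes: Any) -> Settings:
    """Return a copy of `settings` with `changes` applied.

    The secure default stays the default: the caller must name each setting,
    give a reason, and every change that weakens a control lands in the audit
    log. Changes that strengthen a control are applied without an entry.
    """
    if not reason.strip():
        raise ValueError("an override needs a stated reason")
    known = {f.name for f in fields(Settings)}
    for name, value in changes.items():
        if name not in known:
            raise AttributeError(f"unknown setting: {name}")
        old = getattr(settings, name)
        if value != old and is_weaker(name, value):
            audit.record(user, name, old, value, reason)
    return replace(settings, **changes)


if __name__ == "__main__":
    # Constructed sample session: alice opts out twice, bob hardens a setting.
    log = AuditLog()
    s = override(SECURE_DEFAULTS, log, "alice", "legacy intranet appliance", verify_tls=False)
    s = override(s, log, "alice", "spreadsheet from finance", allow_macros=True)
    override(SECURE_DEFAULTS, log, "bob", "team policy", min_password_length=16)
    for e in log.entries:
        print(f"{e.when} {e.user} set {e.setting}={e.new!r} (was {e.old!r}): {e.reason}")
    print("review:", log.violators(threshold=2))
```

The design choice worth noting is that the opt-out, not the opt-in, is the action that costs the user effort and leaves a trace: a user who does nothing stays on the secure configuration, and the audit log is what lets the organization find and notify the people who repeatedly choose otherwise.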
Conclusion: Increase compliance with security systems
Work with the psychological principles that guide behavior.
Security only becomes a priority when a user has a problem.
Education needs to be increased.
Relation to Computer Ethics Code (ACM Code of Ethics and Professional Conduct)
1.2 Avoid harm to others
2.1 Strive to achieve the highest quality, effectiveness and dignity in both the process and products of professional work
2.2 Acquire and maintain professional competence
2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks
2.7 Improve public understanding of computing and its consequences
My Opinion
The article was very interesting.
It makes me rethink just exiting out of the pop-ups from the firewall; I should stop and actually read the security pop-ups and see if any action is needed.
It is good practice to keep the security system updated and follow its recommendations regarding websites and opening attachments.
Questions
What is a major problem facing the information security world?
Give an example of how to reward pro-security behavior.
What is one issue with security systems?
What is risk homeostasis?
Case Study
John has been commissioned by a private organization to create software that encrypts and protects their clients' personal information, such as their social security numbers and medical history. John is stumped on how to start the project. He begins researching similar programs and how they were developed. He finds one that meets the private company's needs and standards, so he uses it as a means to start his own program without receiving consent from the programmer. When John later publishes an article about his software, he does not cite the original software he used as a reference. What are the ethical implications of John's actions? Are there any negative implications of his decision?
Answer to Case Study
1.2 Avoid harm to others
1.3 Be honest and trustworthy
1.5 Honor property rights including copyrights and patents
1.6 Give proper credit for intellectual property
2.3 Know and respect existing laws pertaining to professional work
4.1 Uphold and promote the principles of this Code