Threats to cyber-security

50
CHAPTER 5
User requirements for cyber-security investigations
of which will be focused either explicitly or implicitly on their own security or the 
wider security of the network (e.g., login/password protocols, user identity checks) 
and in a similar way to the security framework, performance is shaped by task and 
workload factors (e.g., overload/underload/task monotony/repetition). Within cyber-
security, a key difference to the establish security framework is that organizational 
factors are supplanted by service provider factors. In this way cyber policies may 
dictate specific security measures but in terms of a formal security capability (polic-
ing the web in a similar way that security personnel police public spaces—supported 
by formal training, management support, culture and organizational structures) there 
is no such provision. Indeed, individual user training is at best very ad-hoc and in 
most cases nonexistent. The operational environment is only constrained by a user 
with access to the web. The user is just as capable of performing their tasks sitting on 
a busy train (where others can view their interaction or video them inputting login/
password data) or in the comfort and privacy of their own home.
A particularly interesting area of cyber-security is that of user trust. From a more 
traditional perspective, as with any form of technology or automated process there 
must be trust in the system, specific functionality of system components, communi-
cation within the system and a clear distinction of where authority lies in the system 
(
Taylor and Selcon, 1990
). Applying this to cyber-trust a range of issues present 
themselves:
• User acceptance of on-line transactions are balanced against the risks and 
estimated benefits.
• Trust is generated from the technology used for interactions (e.g., the perception 
of secure protocols against the vulnerability of open networks) and also in the 
credibility of the individuals or organizations that are part of the interaction 
process (
Beldad et al., 2010
).
• To develop on-line trust, the emphasis is on individuals and organizations to 
present themselves as trustworthy (
Haas and Deseran, 1981
). In order to achieve 
this, it is important, to communicate trust in a way that users will identify with 
(e.g., reputation, performance, or even website appearance).
• Web-based interactions offer users with multiple “first-time” experiences (e.g., 
buying products from different websites, or joining different chat-rooms). This 
suggests that people who lack experience with online transactions and with 
online organizations might have different levels of trust compared to those with 
more experience (
Boyd, 2003
).
• Security violations in human-computer interaction may be due to systematic 
causes such as cognitive overload, lack of security knowledge, and mismatches 
between the behavior of the computer system and the user’s mental model 
(
Cerone and Shaikh, 2008
).
• To some extent users will develop their own mental models and of such 
interactions by which to gauge subsequent procedures. Understanding the 
constructs and evolution of these mental models and how they evolve is a key 
factor in understanding the expectations of users for new cyber-interactions.

Download 5,67 Mb.

Do'stlaringiz bilan baham: