Threats to cyber-security
Service provider factors
User
Operational environment
Security tasks
Security tools
Human
performance
Outcomes
1. High
(e.g., multiple tasks,
speed of
communications)
1. Enhanced
security capability
2. Positive user
experience(trust)
3. Threat detection
2. Low
(e.g., unintentional
and intentional
mistakes)
FIGURE 5.3
Macro-ergonomic conceptual framework for cyber-security.
Adapted from
Kraemer et al., 2009
.
50
CHAPTER 5
User requirements for cyber-security investigations
of which will be focused either explicitly or implicitly on their own security or the
wider security of the network (e.g., login/password protocols, user identity checks)
and in a similar way to the security framework, performance is shaped by task and
workload factors (e.g., overload/underload/task monotony/repetition). Within cyber-
security, a key difference to the establish security framework is that organizational
factors are supplanted by service provider factors. In this way cyber policies may
dictate specific security measures but in terms of a formal security capability (polic-
ing the web in a similar way that security personnel police public spaces—supported
by formal training, management support, culture and organizational structures) there
is no such provision. Indeed, individual user training is at best very ad-hoc and in
most cases nonexistent. The operational environment is only constrained by a user
with access to the web. The user is just as capable of performing their tasks sitting on
a busy train (where others can view their interaction or video them inputting login/
password data) or in the comfort and privacy of their own home.
A particularly interesting area of cyber-security is that of user trust. From a more
traditional perspective, as with any form of technology or automated process there
must be trust in the system, specific functionality of system components, communi-
cation within the system and a clear distinction of where authority lies in the system
(
Taylor and Selcon, 1990
). Applying this to cyber-trust a range of issues present
themselves:
• User acceptance of on-line transactions are balanced against the risks and
estimated benefits.
• Trust is generated from the technology used for interactions (e.g., the perception
of secure protocols against the vulnerability of open networks) and also in the
credibility of the individuals or organizations that are part of the interaction
process (
Beldad et al., 2010
).
• To develop on-line trust, the emphasis is on individuals and organizations to
present themselves as trustworthy (
Haas and Deseran, 1981
). In order to achieve
this, it is important, to communicate trust in a way that users will identify with
(e.g., reputation, performance, or even website appearance).
• Web-based interactions offer users with multiple “first-time” experiences (e.g.,
buying products from different websites, or joining different chat-rooms). This
suggests that people who lack experience with online transactions and with
online organizations might have different levels of trust compared to those with
more experience (
Boyd, 2003
).
• Security violations in human-computer interaction may be due to systematic
causes such as cognitive overload, lack of security knowledge, and mismatches
between the behavior of the computer system and the user’s mental model
(
Cerone and Shaikh, 2008
).
• To some extent users will develop their own mental models and of such
interactions by which to gauge subsequent procedures. Understanding the
constructs and evolution of these mental models and how they evolve is a key
factor in understanding the expectations of users for new cyber-interactions.
Do'stlaringiz bilan baham: |