Psychology of Security

Similar documents
Psychology of Security

Slow down and live in the moment. This is a worthwhile resolution for the New

CURRICULUM OF THE DOCTORAL SCHOOL OF PSYCHOLOGY from 2016 (full time) 1 type of

CHAPTER 1 RESEARCH QUESTIONS & HYPOTHESES & HYPOTHESES. Copyright 2014 Dr. Rich Schuttler AGENDA. Copyright 2014 Dr.

Personality Traits and Labour Economics

The University Curriculum Committee will meet at 3:00 p.m. on Wednesday, March 4 in University Hall 282. A G E N D A

COURSE DESCRIPTIONS 科目簡介


2017/2018 Study Plan

PHYSICAL EDUCATION (5550)

Joint ICTP-IAEA School on Nuclear Energy Management. 15 July - 3 August, Main Principles of Effective Stakeholder Involvement

A Grounded Action Study on the Role of the Police 1

Psychological Attributes, Cognitive Abilities and Behaviour. Dieter Wolke & Zach Estes

Curriculum for the Continuing Education Programme in Propedeutic Studies in Psychotherapy at the University of Innsbruck

EVENT REGISTRATION FORM (for local chapter planning purposes only)

5 Individual Differences:

THE MOST IMPORTANT ASPECT OF YOUR PLANNING EFFORT

PERSONALITY TRAITS AS A VALID PREDICTOR OF RISKY DRIVING. University of Olomouc Traffic Psychology International (TPI)

Cultural Intelligence: A Predictor of Ethnic Minority College Students Psychological Wellbeing

Theory and Methods Question Bank

V. List the major objectives of the proposed minor and describe its chief features briefly.

PERSONALITY DEVELOPMENT AND IMAGE IMPROVEMENT: A CASE OF INTERNSHIP STUDENTS

Curriculum for the Continuing Education Programme of Sexual Therapy at the University of Innsbruck

Psychology (Specification B)

Chapter 3 Research Methods and the Practice of Emergency Management

The Effects of Gender Role on Perceived Job Stress

Finding Cultural Differences and Motivation Factors of Foreign Construction Workers

PSYCHOLOGY. The Psychology Major. Preparation for the Psychology Major. The Social Science Teaching Credential

Developing Management Skills. Chapter 1: Developing Self-Awareness. Copyright 2011 Pearson Education, Inc. publishing as Prentice Hall 1-11

MHR 405-Chapter 2. Motivation: The forces within a person that affect his or her direction, intensity and persistence of voluntary behaviour

Knowledge as a driver of public perceptions about climate change reassessed

Study Programmes. And Research

DEPARTMENT OF PSYCHOLOGY

Motivation CHAPTER FIFTEEN INTRODUCTION DETAILED LECTURE OUTLINE

Samah Saleh Mobile number: Nablus- Palestine Address:

Master of Science Psychology (Conversion)

JACQUELYN KELLEY: AN INTERVIEW BY MURIEL DONNELLY

ROADS to Success Choosing your specialty Dr Caroline Elton

Favorite world: Do you prefer to focus on the outer world or on your own inner world? This is called Extraversion (E) or Introversion (I).

Exercise in New Zealand - Part 1 What consumers think about exercise and the opportunities for the exercise industry

25-26 May 2015 Ditsong Museum

DevOps and The Big 5 Personality Traits

The Assisted Decision-Making (Capacity) Act 2015 and the Decision Support Service

NATIONAL DIPLOMA: OFFICIATING AND COACHING SCIENCE Qualification code: NDOC01 - NQF Level 6

PSYCHOLOGY Psychology is introduced as an elective subject at the higher secondary stage of school education. As a discipline, psychology specializes

School of Improvement Supporting trainees from Students to Consultants

MSc Psychological Research Methods/ MPsych Advanced Psychology Module Catalogue / 2018

Course Descriptions for Courses in the Entry-Level Doctorate in Occupational Therapy Curriculum

Cognitive & Linguistic Sciences. What is cognitive science anyway? Why is it interdisciplinary? Why do we need to learn about information processors?

PS3021, PS3022, PS4040

Business Research: Principles and Processes MGMT6791 Workshop 1C: The Nature of Research & Scientific Method

TRAINING IN PSYCHOANALYTIC PSYCHOTHERAPY

Neff, K. D., & Lamb, L. M. (2009). Self-Compassion. In S. Lopez (Ed.), The. Encyclopedia of Positive Psychology (pp ). Blackwell Publishing.

SURVEY ABOUT YOUR PRESCRIPTION CHOICES

Nuclear Physics Activities at the IAEA Ralf Kaiser, Physics Section Head

Notes Unit I Theories, Perspectives and Background Information

Syllabus Study Programme in Physiotherapy

PROBLEMATIC USE OF (ILLEGAL) DRUGS

Chapter 1: Sociology in the Real World LECTURE SLIDES W. W. Norton & Co., Inc.

Causal inference: Nuts and bolts

The Psychology behind Safety - Workers and Leaders. Key concepts:

We worked with 12,900. clients last year. Self Help Services is a user-led mental health charity that helps people to help themselves.

AU TQF 2 Doctoral Degree. Course Description

MOTIVATION AND BEHAVIOUR MOTIVATION

Your progression in the fitness industry

THE POTENTIAL IMPACTS OF LUAS ON TRAVEL BEHAVIOUR

Improving sound quality measures through the multifaceted soundscape approach

Environmental Education In The Workplace: vehicle trips by commuters into the Perth CBD. Catherine M. Baudains BSc. Dip Ed. Hons.

Lecturer: Dr. Emmanuel Adjei Department of Information Studies Contact Information:

UNOBTRUSIVE RESEARCH 23/11/ Content Analysis. Sociological Research Methods

Personality: Definitions

NDT AND QS INTEGRATED EDUCATIONAL MODULS - A GATEWAY TO AN INTERNATIONAL BACCALAUREATE CREDIT PROGRAM T. Krstelj 1, A. Stranjik 1, and A.

LISTEN! You might be going deaf DEPARTMENT OF LABOUR TE TARI MAHI OCCUPATIONAL SAFETY & HEALTH SERVICE

Bringing Out the Leader in You. George Koenig President NCEMSF

ORANGE COUNTY CORRECTIONS INMATE PROGRAMS

1/16/2012. Personality. Personality Structure

COURSE: NURSING RESEARCH CHAPTER I: INTRODUCTION

PROGRAMME SPECIFICATION UNDERGRADUATE PROGRAMMES

Best Practice Unit. Briefing Paper

Work Personality Index Factorial Similarity Across 4 Countries

Running Head: PERSONALITY AND SOCIAL MEDIA 1

Test Code: SCA/SCB (Short Answer type) Junior Research Fellowship in Psychology

PSYCHOLOGY (413) Chairperson: Sharon Claffey, Ph.D.

JCI Training Programmes

ADAMS STATE UNIVERSITY MA

CHAPTER 1 TEST ITEMS

INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN MANAGEMENT (IJARM)

Education & Training for Radiation Dosimetry

M.Sc. in Psychology Syllabus

An important aspect of assessment instruments is their stability across time, often called

Digitally including the socially excluded: perspectives from mental health

Each of the parties has 1000 pounds. Your group s objective is to negotiate with the other group for more than 1000 pounds.

CLINICAL VS. BEHAVIOR ASSESSMENT

PSYCHOLOGY DISCOVER THE MIND

The TLG Fast Track Internship: A Unique Opportunity!

Services. Related Personal Outcome Measure: Date(s) Released: 21 / 11 / / 06 /2012

WORK VALUE AS MOTIVATIO AMO G SOFTWARE PROFESSIO ALS

MANAGEMENT. MGMT 0021 THE MANAGEMENT PROCESS 3 cr. MGMT 0022 FINANCIAL ACCOUNTING 3 cr. MGMT 0023 MANAGERIAL ACCOUNTING 3 cr.

Participant as Ally - Essentialist Portraiture. Methodology/philosophy or research approach ORIGINAL PARADIGM

Transcription:

Security as human behaviour and experience Stefan Schumacher www.sicherheitsforschung-magdeburg.de DeepSec Vienna 21.11.2013

About me President of the Magdeburg Institute for Security Research Editor of the Magdeburg Journal of Security Research Freelance Security Consultant Hacker for 20 years, ex-netbsd developer Educational Science and Psychology, Research on Social Engineering Focus on Social Engineering, Security Awareness, Organizational Security

ToC 1 Intro 2 Fundamental Research 3 Organizational Development and Security 4 Cultural Differences 5 Didactics of Security 6 Knowledge Base

Inhaltsverzeichnis 1 Intro 2 Fundamental Research 3 Organizational Development and Security 4 Cultural Differences 5 Didactics of Security 6 Knowledge Base

Psychology empirical and theoretical science describes, explains and predicts human behaviour and experiences human development and the internal and external causes and conditions Differential and Personality P., Social P., Industrial P., Organisational P., Pedagogical P.

Psychology and IT-Security? Security is a latent social Construct and has to be treated as such. Psychological and sociological Methods and Tools are required. If the Security of a System should be enhanced, a Diagnosis, Prognosis and Intervention is required.

Security and Psychology Security is concluded by making Decisions Individuals make decisions based on their Biography, the Situation and how they perceive their Environment see: von Foerster, Luhmann, Spencer Brown, Baecker et.al. Psychology is the Science which researches these Topics. Therefore, Psychology is required to research Security. Psychology is the only Science able to research the basic fundamentals of Security.

Washing your Hands More pregnant Women died in the Vienna General Hospital than in a Monastery Ignaz Semmelweis discovered that Physicians transmit pathogenic agents He proposed that Physicians should wash their Hands His Idea was rejected and he was considered to be somewhat crazy This can only be explained by Psychology

Washing your Hands More pregnant Women died in the Vienna General Hospital than in a Monastery Ignaz Semmelweis discovered that Physicians transmit pathogenic agents He proposed that Physicians should wash their Hands His Idea was rejected and he was considered to be somewhat crazy This can only be explained by Psychology

1996: Ariane 5 Flight 501 320 000 000 Euro

Some Examples Users choose weak Passwords... Users are not interested in Security... Users don t understand Security... Programmers create Buffer Overflows and forget safety Regulations... Admins forget to patch... Developers use MD5 as Password Hash... Social Engineering Security Awareness

Research Programme Vienna Programme for Cyber-Peace introduced last year is part of it 3 years estimated currently started

What do we need? Fundamental Research about the Perception of Security Fundamental Research about Personality/Attitudes and Security Organizational Development and Security Cultural Differences Didactics (Teaching Methodology) of Security What to teach?

Inhaltsverzeichnis 1 Intro 2 Fundamental Research 3 Organizational Development and Security 4 Cultural Differences 5 Didactics of Security 6 Knowledge Base

Perception of Security radical constructivistic approach each Individual perceives the World in one s own Way shaped by one s former experiences We have to explore this Worldview in depth by qualitative Research

Perception of Security different Tools and Methods exist several qualitative/semi-structured Interviews are lead with different interviewes eg. autobiographic-narrative Interviews with Hackers and Users Expertinterviews with Hackers and Researchers What shapes a Hacker s mind? How do Users perceive IT-Security? How can this Perception be changed? Are there Science based Security Awareness Tools?

Riskhomeostasis Risk behaviour is controlled by different Variables Self-perception, subjective Skills, objective Skills, Perception of Risk, Risk acceptance Researched in Industrial Psychology: Air Traffic Controller/Pilots, Workers in Nuclear Power Plants, Motor Vehicle Operator... Study: East German Taxi Drivers switched from Wolga to Mercedes and had more accidents

Riskhomeostasis Risk behaviour is controlled by different Variables Self-perception, subjective Skills, objective Skills, Perception of Risk, Risk acceptance Researched in Industrial Psychology: Air Traffic Controller/Pilots, Workers in Nuclear Power Plants, Motor Vehicle Operator... Study: East German Taxi Drivers switched from Wolga to Mercedes and had more accidents

Personality and Security Different Theories of Personality exist We use empirical sound Tools to examine Personality Traits and security relevant Behaviour Personality Traits are very stable over Lifetime quantitative research Big5: Neuroticism, Extraversion, Openness, Conscientiousness, Agreeableness Motives: Power, Achievement Orientation and others How do they correlate with security relevant behaviour?

Inhaltsverzeichnis 1 Intro 2 Fundamental Research 3 Organizational Development and Security 4 Cultural Differences 5 Didactics of Security 6 Knowledge Base

Organizational Development Security is a huge and hot Topic in Companies lots of Money is spend on Security Awareness and Training lots of different Methods exist eg. in Knowledge Management, Leadership, Organizational Development Which of them are useful for security relevant Behaviour? Strict Hierarchies can be easily attacked with Social Engineering...

Inhaltsverzeichnis 1 Intro 2 Fundamental Research 3 Organizational Development and Security 4 Cultural Differences 5 Didactics of Security 6 Knowledge Base

Cultural Differences Culture influences Organisations and Individuals What are the differences? How can they influence Security? eg: How is the TVET system organizes? Is there a TVET System? On the job training? Only colleges? Lots of Tools and Methods exist, Research Results also Can they be transfered to our Problems?

Inhaltsverzeichnis 1 Intro 2 Fundamental Research 3 Organizational Development and Security 4 Cultural Differences 5 Didactics of Security 6 Knowledge Base

Didactics Didactics is the Science of Learning and Teaching Teaching Methodology very well researched in Germany due to the dual TVET System well funded and empirical sound several curriculums for IT skilled labour exist how can they be enhanced with IT security

How? How can we teach Security? Which Methods work best under which Circumstances? E-Learning? Blended Learning? Only Facts? Theory? Practical Approach? Culture is relevant well researched Model of Competencies/Capabilites is used in Germany not only facts are taught, but also studying and research methods independent learning is emphasized trainees learn how to keep their knowledge up to date trainees have to be able to know what to learn

How? How can we use this Model of Competencies/Capabilites? What are the best Methods to develop those Competencies? action oriented teaching? project work? masterpieces?

Who? Who has to learn about IT Security? Sysadmins, Developers, End Users create different roles determine what each role has to learn

What What to teach and learn? Who needs to understand Elliptic Curve Cryptography? Webmaster? Sysadmins? End Users? Who needs to understand what? How do we test that? When and How do those Curriculums and Tests need to be revised?

Web based teaching Part of the Programme modularized Curriculum adapted for different Roles different web based Methods including Mobile Learning including tests and certification

Inhaltsverzeichnis 1 Intro 2 Fundamental Research 3 Organizational Development and Security 4 Cultural Differences 5 Didactics of Security 6 Knowledge Base

Getting Knowledge Too much information is floating around too old information, which is obsolete and outdated false information find methods to identify correct knowledge create a knowledge base? who decides about the contents? empower users to identify correct/required knowledge?

What to do? Finish fundamental research Discuss what to teach Research cultural Differences Find adequate teaching Methods

sicherheitsforschung-magdeburg.de stefan.schumacher@sicherheitsforschung-magdeburg.de youtube.de/sicherheitsforschung http://www.sicherheitsforschungmagdeburg.de/publikationen/journal.html

2024 © healthdocbox.com Privacy Policy | Terms of Service | Feedback