Abney Associates


  • 'Computer security is an abstract benefit' | abney and associates warning, avoid internet scams

    Community, Communication Design

    http://www.theregister.co.uk/2013/04/23/securityawarenesstraining/

    "We are forever trying to train people to have healthier lifestyles: eat better, exercise more, whatever," Schneier writes in a wonderfully entertaining blog post.

    "And people are forever ignoring the lessons. One basic reason is psychological: we just aren't very good at trading off immediate gratification for long-term benefit. A healthier you is an abstract eventually; sitting in front of the television all afternoon with a McDonald's Super Monster Meal sounds really good right now."

    "Similarly, computer security is an abstract benefit that gets in the way of enjoying the internet. Good practices might protect me from a theoretical attack at some time in the future, but they're a lot of bother right now and I have more fun things to think about. This is the same trick Facebook uses to get people to give away their privacy; no one reads through new privacy policies; it's much easier to just click "OK" and start chatting with your friends. In short: security is never salient."

    Schneier expands his ideas by looking at areas where awareness training or education initiatives work (driving, HIV prevention) and where they fail (training the general public to wash their hands, make drug decisions at a pharmacy, food safety).

    He summarises the obstacles in the path of effective security training. "The threats change constantly, the likelihood of failure is low, and there is enough complexity that it's hard for people to understand how to connect their behavior to eventual outcomes. So they turn to folk remedies that, while simple, don't really address the threats.

    "We should stop trying to teach expertise, and pick a few simple metaphors of security and train people to make decisions using those metaphors," Schneier concludes, adding that another problem is that "computer security is often only as strong as the weakest link".

    "We should be designing systems that won't let users choose lousy passwords and don't care what links a user clicks on. We should be designing systems that conform to their folk beliefs of security, rather than forcing them to learn new ones."

    Security awareness education isn't so much a waste of time as misdirected, according to Schneier. "We should be spending money on security training for developers. These are people who can be taught expertise in a fast-changing environment, and this is a situation where raising the average behavior increases the security of the overall system," Schneier concludes.


Abney is an ancient Norman name that arrived in England after the Norman Conquest of 1066. The Abney family lived in or near the settlement of Abney..


Moderator: winema gaven