QinetiQ2006-11-24 13:20:24
IT industry looks to human behaviour experts to improve security
Human factors working group worth up to £50k to be established
A QinetiQ-managed national cyber security network is turning to experts in human behaviour, including psychologists and sociologists, in order to address IT security problems caused by human users. By learning how other unrelated sectors and domains successfully build trust and communicate risk it is hoped that the IT industry can encourage computer users to behave in a far more secure manner when surfing the internet and doing business in cyber space.
A competition for a human factors working group has been launched by the DTI-funded Cyber Security Knowledge Transfer Network (KTN) to reflect concern that more needs to be done to help users of cyber space protect themselves and the UK's critical infrastructure from the increase in cyber attacks and organised e-crime. Criminals and hackers frequently dupe users into releasing sensitive and valuable information or introducing viruses onto their computers and associated networks, often employing sophisticated social engineering techniques to exploit these human weaknesses.
The IT security community has given only patchy consideration to these human factors issues and the KTN working group, participation in which will be funded up to a value of £50,000, has been tasked with outlining best practice and insights from other disciplines. Experts in marketing, sociology, cognitive psychology, the psychology of faith and cult groups, design and ergonomics could be consulted.
QinetiQ's Sadie Creese, director of the Cyber Security KTN, said: "In the digital age, where we are increasingly connected to each other, a vulnerability introduced because of one person's actions can have implications throughout a whole network. The bad guys understand this and exploit these user-based weaknesses very effectively.
"As a community we have a responsibility to help users protect themselves and, by extension, protect all of us. Rather than address this challenge in an insular way we feel we can benefit from the experience and expertise of other unrelated domains. We remain open-minded as to which domains are consulted. This will be defined by the winning proposal."
The working group will investigate practical measures the community might adopt to improve security practices. The KTN is particularly interested in:
• communicating the risks associated with interactions in the cyber community domain, with particular emphasis on use of the internet;
• building trust in cyber security technologies, solutions and practices;
• building demand for cyber security solutions;
• developing cyber security software and solutions which are easy to use by non-expert users.
A white paper will be produced early next year detailing the approaches that will have the greatest potential practical application and impact. This will be placed into the public domain by the KTN.
The Cyber Security KTN, managed and directed by QinetiQ, was established earlier this year to tackle some of the universal digital security challenges facing the UK by drawing together the country's best industry, academia and government digital security expertise.
Other KTN activities include a group established to address how to best deploy and manage a global identity management system, a group examining the business models for trusted computing and another group looking at how best to measure the level of risk users are exposed to when using the internet.
*
Human factors working group worth up to £50k to be established
A QinetiQ-managed national cyber security network is turning to experts in human behaviour, including psychologists and sociologists, in order to address IT security problems caused by human users. By learning how other unrelated sectors and domains successfully build trust and communicate risk it is hoped that the IT industry can encourage computer users to behave in a far more secure manner when surfing the internet and doing business in cyber space.
A competition for a human factors working group has been launched by the DTI-funded Cyber Security Knowledge Transfer Network (KTN) to reflect concern that more needs to be done to help users of cyber space protect themselves and the UK's critical infrastructure from the increase in cyber attacks and organised e-crime. Criminals and hackers frequently dupe users into releasing sensitive and valuable information or introducing viruses onto their computers and associated networks, often employing sophisticated social engineering techniques to exploit these human weaknesses.
The IT security community has given only patchy consideration to these human factors issues and the KTN working group, participation in which will be funded up to a value of £50,000, has been tasked with outlining best practice and insights from other disciplines. Experts in marketing, sociology, cognitive psychology, the psychology of faith and cult groups, design and ergonomics could be consulted.
QinetiQ's Sadie Creese, director of the Cyber Security KTN, said: "In the digital age, where we are increasingly connected to each other, a vulnerability introduced because of one person's actions can have implications throughout a whole network. The bad guys understand this and exploit these user-based weaknesses very effectively.
"As a community we have a responsibility to help users protect themselves and, by extension, protect all of us. Rather than address this challenge in an insular way we feel we can benefit from the experience and expertise of other unrelated domains. We remain open-minded as to which domains are consulted. This will be defined by the winning proposal."
The working group will investigate practical measures the community might adopt to improve security practices. The KTN is particularly interested in:
• communicating the risks associated with interactions in the cyber community domain, with particular emphasis on use of the internet;
• building trust in cyber security technologies, solutions and practices;
• building demand for cyber security solutions;
• developing cyber security software and solutions which are easy to use by non-expert users.
A white paper will be produced early next year detailing the approaches that will have the greatest potential practical application and impact. This will be placed into the public domain by the KTN.
The Cyber Security KTN, managed and directed by QinetiQ, was established earlier this year to tackle some of the universal digital security challenges facing the UK by drawing together the country's best industry, academia and government digital security expertise.
Other KTN activities include a group established to address how to best deploy and manage a global identity management system, a group examining the business models for trusted computing and another group looking at how best to measure the level of risk users are exposed to when using the internet.
*
For more information contact:
Cody Technology Park
Room G069, Building A 7
Cody Technology Park, Ively Road
FARNBOROUGH
Hampshire
GU14 0LX
United Kingdom
Tel: +44(0)8700 100 942