Who Is Reading? Mental Attitudes & Web Security
Páginas: 13 (3040 palabras)
Publicado: 4 de marzo de 2013
Who is Reading? Mental Attitudes & Web Security
FERNANDO DOYLET
GRADUATE SCHOOL OF COMPUTER AND INFORMATION SCIENCES
Nova Southeastern University
Davie, Florida 33324 USA
doylet@nova.edu
________________________________________________________________________
Abstract: To provide risks and cost analysis, risks have to be understood within a classification, which could be valuedaccording to a specific point of view or attitude; we could be proactive or a reactive to risks, with a positive or a negative mental attitude; either way, it is important to document all the assumptions included, when considering the adoption of a security standard, and explore its possible vulnerabilities.
Categories and Subject Descriptors: H.1.2 [Models and Principles]: User/Machine Systems –Software psychology; D.4.6 [Operating Systems]: Security and Protection; C.4 [Computer Systems Organization]: Performance of Systems – Design Studies.
General Terms: Human Factors, Standardization, Theory
Additional Key Words and Phrases: Security, threats, Web security, user-centered design, mental models.
________________________________________________________________________
1.INTRODUCTION
TO PROVIDE RISKS AND COST ANALYSIS, RISKS HAVE TO BE UNDERSTOOD WITHIN A CLASSIFICATION, WHICH COULD BE VALUED ACCORDING TO A SPECIFIC POINT OF VIEW OR ATTITUDE; WE COULD BE PROACTIVE OR A REACTIVE TO RISKS, WITH A POSITIVE OR A NEGATIVE MENTAL ATTITUDE; EITHER WAY, IT IS IMPORTANT TO DOCUMENT ALL THE ASSUMPTIONS INCLUDED, WHEN CONSIDERING THE ADOPTION OF A SECURITY STANDARD, AND EXPLOREITS POSSIBLE VULNERABILITIES.
The weakest link on the Internet may be the new or unskilled computer user, to whom we dedicate part of our resources, o we simply ignore. This document will first compare several risks classifications and mental frames, from the user’s point of view; to continue with the exploration of vulnerabilities of a largely accepted security standard; which will take us toconsider the new and careless computer users, and a suggested standard classification of computer users.
Permission to make digital/hard copy of part of this work for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage, the copyright notice, the title of the publication, and its date of appear, and notice is giventhat copying is by permission of the ACM, Inc. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee.
© 2004 ACM ISBN ….. $5.00
2. risk classifications and mental frames
2.1 RISK CLASSIFICATIONS
Adams [2004] defines three kinds of perceived risk (see Figure 1) which could be adapted to computer users with thefollowing examples:
a. risk perceived directly, like unsolicited emails with attachments and popups;
b. risk perceived thru science, like viruses and trojan horses;
c. virtual or uncertain risk, like low level radiation and unauthorized cookies;
these are the risks as perceived by users, to complement -or- in contrast to the classifications of threats to information systems.
[pic]Figure 1. kinds of perceived risk
Farahmand et al. [2003] classify threats from the point of view of the threat agent as 1) authorized user, 2) unauthorized user, and 3) environmental factor. Slewe and Hogenboom [2004] classify threats as internal or external, of human nature as unconscious or deliberate, by the impact as financial or image threats, and by the possible attackers which may beamateurs, professionals, criminals or terrorists.
To better understand how the computer user participates in the prevention or growth of threats to information systems, it is helpful to determine how we as computer users perceive risks and the mental frames that may explain our behaviors. In addition, remember that system administrators and project managers are also computer users, with similar...
FERNANDO DOYLET
GRADUATE SCHOOL OF COMPUTER AND INFORMATION SCIENCES
Nova Southeastern University
Davie, Florida 33324 USA
doylet@nova.edu
________________________________________________________________________
Abstract: To provide risks and cost analysis, risks have to be understood within a classification, which could be valuedaccording to a specific point of view or attitude; we could be proactive or a reactive to risks, with a positive or a negative mental attitude; either way, it is important to document all the assumptions included, when considering the adoption of a security standard, and explore its possible vulnerabilities.
Categories and Subject Descriptors: H.1.2 [Models and Principles]: User/Machine Systems –Software psychology; D.4.6 [Operating Systems]: Security and Protection; C.4 [Computer Systems Organization]: Performance of Systems – Design Studies.
General Terms: Human Factors, Standardization, Theory
Additional Key Words and Phrases: Security, threats, Web security, user-centered design, mental models.
________________________________________________________________________
1.INTRODUCTION
TO PROVIDE RISKS AND COST ANALYSIS, RISKS HAVE TO BE UNDERSTOOD WITHIN A CLASSIFICATION, WHICH COULD BE VALUED ACCORDING TO A SPECIFIC POINT OF VIEW OR ATTITUDE; WE COULD BE PROACTIVE OR A REACTIVE TO RISKS, WITH A POSITIVE OR A NEGATIVE MENTAL ATTITUDE; EITHER WAY, IT IS IMPORTANT TO DOCUMENT ALL THE ASSUMPTIONS INCLUDED, WHEN CONSIDERING THE ADOPTION OF A SECURITY STANDARD, AND EXPLOREITS POSSIBLE VULNERABILITIES.
The weakest link on the Internet may be the new or unskilled computer user, to whom we dedicate part of our resources, o we simply ignore. This document will first compare several risks classifications and mental frames, from the user’s point of view; to continue with the exploration of vulnerabilities of a largely accepted security standard; which will take us toconsider the new and careless computer users, and a suggested standard classification of computer users.
Permission to make digital/hard copy of part of this work for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage, the copyright notice, the title of the publication, and its date of appear, and notice is giventhat copying is by permission of the ACM, Inc. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee.
© 2004 ACM ISBN ….. $5.00
2. risk classifications and mental frames
2.1 RISK CLASSIFICATIONS
Adams [2004] defines three kinds of perceived risk (see Figure 1) which could be adapted to computer users with thefollowing examples:
a. risk perceived directly, like unsolicited emails with attachments and popups;
b. risk perceived thru science, like viruses and trojan horses;
c. virtual or uncertain risk, like low level radiation and unauthorized cookies;
these are the risks as perceived by users, to complement -or- in contrast to the classifications of threats to information systems.
[pic]Figure 1. kinds of perceived risk
Farahmand et al. [2003] classify threats from the point of view of the threat agent as 1) authorized user, 2) unauthorized user, and 3) environmental factor. Slewe and Hogenboom [2004] classify threats as internal or external, of human nature as unconscious or deliberate, by the impact as financial or image threats, and by the possible attackers which may beamateurs, professionals, criminals or terrorists.
To better understand how the computer user participates in the prevention or growth of threats to information systems, it is helpful to determine how we as computer users perceive risks and the mental frames that may explain our behaviors. In addition, remember that system administrators and project managers are also computer users, with similar...
Leer documento completo
Regístrate para leer el documento completo.