Humans are involved in 80-90% of IT security breaches. We have the technical means to keep our software systems secure, but we cannot control the way people use IT. As the complexity of IT systems increases, designers must treat users as a key factor in the design process.
What is cognitive science?
The first step is to understand how users perceive, reason and act. Cognitive science, the study of mind and intelligence, is the best tool for this: it lets us look inside our users’ minds.
Why use cognitive science?
Keeping a secret, or trying to intercept someone else’s, is among the most human of all activities and as old as time itself. In consequence, cryptography and IT security fail because users so often behave in ways they shouldn’t. During WWII, the code breakers at Bletchley Park cracked messages from the supposedly unbreakable German Enigma machine largely by looking for human weaknesses in the German operators: predictable message keys and stereotyped message openings gave them the cribs they needed. They studied operator behaviour much as usability and human-computer interaction research does today.
How to use cognitive science in IT security
Users are not the enemy. Once we understand that users need better feedback and more transparent systems, we can begin to give them systems that encourage them to take responsibility for security, together with more intuitive user interfaces.
- Bechtel, W. & Graham, G. (Eds), A Companion to Cognitive Science, Basil Blackwell, 1998
- Cranor, L. & Garfinkel, S. (Eds), Security and Usability: Designing Secure Systems that People Can Use, O’Reilly, 2005
- Krug, S., Don’t Make Me Think! A Common Sense Approach to Web Usability, Que, 2000
- Norman, D., The Design of Everyday Things, Basic Books, 2002
- Tufte, E., The Visual Display of Quantitative Information, Graphics Press, 1992
- Passfaces: a different password system
- The famous “Stroop Effect”, named after J. Ridley Stroop