Cognitive Science for IT Security

Humans are involved in 80-90% of IT security system breaches. We have the technological capacity to keep our software systems secure, but we cannot control the way people use IT. As the complexity of IT systems increases, designers must view users as a key factor in the design process.

What is cognitive science?

The first step is to understand how users perceive, reason and act. Cognitive science is the best way to do this, as it is the study of mind and intelligence. We can look inside our users’ minds. Read more here:

Cognitive Science: What makes your users tick?

Why use cognitive science?

Keeping a secret or trying to intercept someone else’s news is the most human of all activities and as old as time itself. As a consequence, cryptography and IT security fail because users invariably behave in ways that they shouldn’t. During WWII, code breakers at Bletchley cracked encrypted messages generated by the supposedly unbreakable German Enigma machine because they looked for human weaknesses in the German operators, using techniques which are today standard in usability and human-computer interaction research. Read more here:

Codebreaking at Bletchley WWII: humans are the weakest link

How to use cognitive science in IT security

Users are not the enemy. Once we understand that users need better feedback and system transparency, we can begin to give them systems which encourage psychological responsibility, and more intuitive user interfaces. Read more here:

Security and usability: Don’t let your users get you down
