Human behaviour experts to study human vulnerabilities in security systems

(20/02/2007)

A team of globally renowned security and human behaviour experts has been awarded a contract to study human vulnerabilities in security systems by the UK Government-funded Cyber Security Knowledge Transfer Network (KTN). The winning consortium includes leading academic researchers with expertise in psychology, criminology, computing, management and marketing, and security practitioners from some of the UK's leading companies.

The study reflects concern that more needs to be done to help organisations and individual users of cyber space protect themselves and the UK's critical infrastructure from the increase in cyber attacks and organised e-crime. Criminals and hackers frequently dupe users into releasing sensitive and valuable information or introducing viruses onto their computers and associated networks, often employing sophisticated social engineering techniques to exploit these human weaknesses.

The winning team will outline best practice and make recommendations as to how the IT industry can encourage computer users to behave in a far more secure manner when surfing the internet and doing business in cyber space. These recommendations will take the form of a white paper that will be produced in the spring and made publicly available to ensure the study benefits the widest possible audience.

The team will be chaired by M. Angela Sasse, Professor of Human-Centred Technology at UCL, and the group's final report will be reviewed by Bruce Schneier, founder and CTO of BT Counterpane and recognised as one of the world's foremost security experts.

Professor Sasse will be supported by a number of industry security experts, including representatives of BT, HP, Microsoft, QinetiQ and Vodafone and 11 leading academics from UK universities. These include Professor Martin Gill, one of the world's leading criminologists, Professor Fred Piper, one of the pioneering researchers in computer security, human behaviour researchers from the Defence Academy and software engineering researchers from Oxford University.

Announcing the award of the contract Dr Sadie Creese, Director of the Cyber Security KTN, said: "The breadth and depth of the winning consortium is exceptional. The role of the KTN is to bring together the cream of UK industrial, academic and government expertise and the team assembled under Professor Sasse certainly meets that requirement. Vulnerabilities introduced by human behaviour are often at the heart of security problems and I expect this team to make a valuable and practical contribution to the community's understanding of this important issue."

Welcoming her team's successful bid, Professor Sasse said: "By drawing on expertise from the social sciences as well as the security domain, we have broadened the knowledge base from which we will deliver a meaningful and useful study. We are also very fortunate to be able to call on the counsel of Bruce Schneier who brings immense experience to our team.

"The IT security community has given only patchy consideration to the human factor in security and I welcome the opportunity to help improve our collective understanding of this critical area and translate it into practical advice for companies and individual users. This exercise will also help us to identify key problems where further research is needed, and set up collaborative efforts between academics and industry to address them."

The Cyber Security KTN, funded by the DTI and managed and directed by QinetiQ, was established in 2006 to tackle some of the universal digital security challenges facing the UK by drawing together the country's best industry, academia and government digital security expertise. Other KTN activities include a group established to address how to best deploy and manage a global identity management system, a group examining the business models for trusted computing and another group looking at how best to measure the level of risk users are exposed to when using the internet.

Related topics:  Security industry 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources