The human factor in IT security

A Qinetiq-managed national cyber security network is turning to experts in human behaviour, including psychologists and sociologists to address IT security problems caused by human users. By learning how other unrelated sectors and domains successfully build trust and communicate risk, Qinetiq hopes the IT industry can encourage computer users to behave more securely online.

The DTI-funded Cyber Security Knowledge Transfer Network (KTN) launched a competition for a human factors working group to protect users from online crime. Criminals and hackers frequently dupe users into releasing sensitive information or introducing viruses onto their computers using sophisticated social engineering techniques.

Participation in the KTN working group to address human issues in IT security will be funded up to a value of £50,000. The group has been tasked with outlining best practice and insights from other disciplines. It will consult experts in fields which could include marketing, sociology, cognitive psychology, the psychology of faith and cult groups, design and ergonomics.

The working group will investigate practical measures the community might adopt to improve security practices. The KTN is particularly interested in communicating the risks associated with interactions in the cyber community domain, with particular emphasis on use of the internet. It also aims to build trust in cyber security technologies, solutions and practices. Similarly, the KTN will also aim to  build demand for cyber security solutions and develop cyber security software and solutions which are easy to use by non-expert users.

A white paper will be produced early next year detailing the approaches that will have the greatest potential practical application and impact. This will be placed into the public domain by the KTN.