Psychology of Security: a Research Programme

Presented at DeepSec 2013 „Secrets, Failures, and Visions“, Unknown date/time (Unknown duration)

IT Security is often considered to be a technical problem. However, IT Security is about decisions made by humans and should therefore be researched with psychological methods. Technical/Engineering methods are not able to solve security problems. In this talk I will introduce the Institute's research programme about the Psychology of Security. We are going to research the psychological basics of IT security, including: How do people experience IT security? How are they motivated? How do they learn? Why do people tend to make the same mistakes again and again (Buffer Overflow, anyone?)? What can we do to prevent security incidents? Which curricula should be taught about IT security?

Presenters:

• Stefan Schumacher - Magdeburger Institut für Sicherheitsforschung
  Stefan Schumacher is head of the Magdeburger Institut für Sicherheitsforschung (Magdeburg Institute for Security Research) and currently running a research programme about the psychology of security. This includes social engineering, security awareness and qualitative research about the perception of security.

Links:

• https://deepsec.net/archive/2013.deepsec.net/speaker.html#PSLOT133

Similar Presentations:

• GrrCON 2014 / Security Hopscotch
• DeepSec 2014 „Do you want to know more?“ / Why IT Security Is Fucked Up And What We Can Do About It
• GrrCON 2013 / Security Counterknowledge