Applying psychology to computer security

1 min read

Combining computer security with psychology and economics will be the subject of a public talk at De Montfort University, Leicester.

Professor Ross Anderson (pictured), an expert in the field of information security from the University of Cambridge, will look at whether psychology and economics could be useful tools in developing a framework for analysing security issues. Professor Anderson said: "For years, people thought that the insecurity of the internet was due to a shortage of features. We began to realise that failures – of both security and dependability – are intricately tied up with incentives. Systems often fail because the people who guard and maintain them don't bear the full costs of failure. This led to the emergence of a new field of study, information security economics. It provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas such as system dependability and policy." He added: "An exciting recent development is the interaction with psychology. As systems get harder to attack, the bad guys attack the users instead; phishing only got properly going in 2004, but by 2006 cost British banks £35m. We now know that most information security mechanisms are too hard to use, being designed by geeks for geeks. We urgently need to introduce bright ideas from psychology and human computer interface design." Professor Anderson is Professor of Security Engineering at the University of Cambridge's Computer Laboratory and has carried out pioneering work on peer-to-peer systems, steganography, hardware tamper-resistance, API security and security usability. The talk takes place on April 20 and further information is available by contacting Lindsey Trent or Lynn Ryan on (0116) 257 7579.