A Human Factors Vulnerability Evaluation Method for Computer and Information Security Sara Kraemer and Pascale Carayon, U. of Wisconsin, Madison Tuesday, October 14, 3:30-5:00 pm, Governor's Square 9
Computer and information security (CSI) issues are paramount in computer systems, especially with the growth of the Internet. Many CSI solutions and preventive measures are technically based, but the missing links are the human factors and organizational issues that contribute greatly to the strength of the security system.
Existing human factors research on CSI is limited, but these researchers applied tools from cognitive engineering to examine computer security breaches in a similar way that error taxonomies are used to examine accidents. Using an error taxonomy, one can look at the organizational and technical components of the accident to diagnose the problem, explain what went wrong, identify how human error contributes to the problem, and acknowledge design issues that must be addressed to improve the work system.
The purpose of this study was to test, develop, and refine a method for detecting flaws in sytems that might enable hackers to cause damage or disruptions. The Human Factors Vulnerability Analysis was subsequently used to identify, analyze, and solve vulnerabilities and was employed in conjunction with a technical security audit, which detects whether hackers can break into a system or misuse it.
The results of the study reveal ways in which HFVA can be improved to help prevent loss of data, service, and money.
Identification of an "Appropriate" Drowsy Driver Detection Interface for Commercial Vehicle Operations Ellen M. Ayoob, Carnegie Mellon University Wednesday, October 15, 1:30-3:00 pm, Governor's Square 14