Human Factors in Cybersecurity
Expert-defined terms from the Advanced Skill Certificate in Cyber Psychology and Security Assessments course at LearnUNI. Free to read, free to share, paired with a globally recognised certification pathway.
Advanced Skill Certificate in Cyber Psychology and Security Assessments #
A program focused on the intersection of psychology and cybersecurity, covering topics such as human factors in cybersecurity, cyber threat intelligence, and security assessments.
Cyber Threat Intelligence (CTI) #
Information about potential or current attacks, threat actors, and their motives, tactics, and procedures (TTPs), used to inform cybersecurity decisions and responses. Related terms: Threat intelligence platform (TIP), Open Source Intelligence (OSINT).
Cybersecurity Culture #
The shared attitudes, behaviors, and practices related to cybersecurity within an organization, including the understanding of risks and the willingness to take appropriate action to mitigate them. Related terms: Security awareness, Security behavior.
Dark Patterns #
User interface designs that manipulate users into making decisions they might not otherwise make, often for the benefit of the organization rather than the user. Related terms: Deceptive design, User experience (UX).
Deceptive Design #
The use of design elements to intentionally mislead or trick users into taking certain actions. Related terms: Dark patterns, User experience (UX).
Human Factors in Cybersecurity #
The study of how humans interact with cybersecurity systems, including the impact of human behavior on security and the design of systems that account for human limitations and tendencies. Related terms: Usable security, Security usability.
Insider Threat #
A security risk posed by individuals within an organization, including employees, contractors, and partners, who have authorized access to the organization's resources and may use that access for malicious purposes. Related terms: Trusted insider, Malicious insider.
Open Source Intelligence (OSINT) #
Information that is publicly available and can be used in cyber threat intelligence. Related terms: Cyber Threat Intelligence (CTI), Social engineering.
Security Awareness #
The understanding of cybersecurity risks and best practices within an organization, often promoted through training and education. Related terms: Cybersecurity culture, Security behavior.
Security Behavior #
The actions taken by individuals within an organization to mitigate cybersecurity risks, influenced by factors such as security awareness, social norms, and organizational policies. Related terms: Cybersecurity culture, Security awareness.
Social Engineering #
The use of psychological manipulation to deceive individuals and gain unauthorized access to information or systems. Related terms: Phishing, Pretexting.
Threat Intelligence Platform (TIP) #
A system that aggregates, analyzes, and disseminates cyber threat intelligence from multiple sources, often used to support incident response and proactive security measures. Related terms: Cyber Threat Intelligence (CTI), Open Source Intelligence (OSINT).
Trusted Insider #
An individual within an organization who has authorized access to resources and is considered reliable and trustworthy. Related terms: Insider threat, Malicious insider.
Usable Security #
The design of cybersecurity systems that are both secure and easy to use, taking into account human factors and limitations. Related terms: Security usability, Human factors in cybersecurity.
User Experience (UX) #
The overall experience of a user when interacting with a system, including factors such as usability, accessibility, and user satisfaction. Related terms: Deceptive design, Dark patterns.
Security Usability #
The ease of use and understandability of cybersecurity systems and practices, with the goal of promoting secure behavior and reducing user error. Related terms: Usable security, Human factors in cybersecurity.
Examples: #
Examples:
* An organization may use a TIP to gather and analyze CTI from multiple sources,… #
* An organization may use a TIP to gather and analyze CTI from multiple sources, including OSINT, to inform their security decisions and responses.
* A phishing email that uses fear #
based messaging and a sense of urgency to trick the recipient into clicking a malicious link is an example of social engineering.
* A system that requires users to create complex passwords with multiple charact… #
* A system that requires users to create complex passwords with multiple character types and change them frequently, without providing clear instructions or feedback, may be considered to have poor security usability.
Practical Applications: #
Practical Applications:
* Incorporating user feedback and testing into the design and implementation of… #
* Incorporating user feedback and testing into the design and implementation of cybersecurity systems to improve usability and promote secure behavior.
* Providing regular training and education to employees to increase security awa… #
* Providing regular training and education to employees to increase security awareness and promote a strong cybersecurity culture within an organization.
* Using CTI to inform proactive security measures, such as identifying and mitig… #
* Using CTI to inform proactive security measures, such as identifying and mitigating potential threats before they can cause harm.
Challenges: #
Challenges:
* Balancing the need for strong security measures with the need for usable and a… #
* Balancing the need for strong security measures with the need for usable and accessible systems.
* Overcoming user skepticism and lack of engagement with security training and a… #
* Overcoming user skepticism and lack of engagement with security training and awareness efforts.
* Keeping up with the constantly evolving cyber threat landscape and adapting se… #
* Keeping up with the constantly evolving cyber threat landscape and adapting security measures accordingly.