A construct for intentional habit formation is suggested as a possible mitigation for the disparity between user capability and system requirements. The importance of usable security is well represented in early discussions (Sasse 2001). Twenty years after M. S. Ackerman provided a significant discussion of the “gap” between what humans need and what computers can support, the “social-technical gap” in privacy and security management continues. Humans, for many reasons, cannot make good, consistent decisions regarding security. Current and foundational theoretical understandings of human limitations are outlined, in both an individual and a social context. The differences between current systems and principles of interface and interaction design are highlighted. Finally, a possible ameliorating step is suggested: a movement from reliance on human cognition and decision making to a reliance on habit formation.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social...