Human Vulnerabilities Special Interest Group
Latest updates
This area contains all of the latest information about this group.
- Outputs from the group can be downloaded from the resources area.
- Further information about the group can be found below.
Date: 29/1/2008
Notes from the recent meeting of the Human Vulnerabilities SIG are now available to download from the link below.
Following the publication of the Human Factors Working Group White Papers, the group has now become the Human Vulnerabilities Special Interest Group. The description of the group below will be re-written soon.
The Challenge
The challenge for the Working Group (WG) is to establish the state of current knowledge on human vulnerabilities in security systems, and identify strategies for managing them successfully.
Scope and Approach
An initial working definition of human vulnerabilities in security will be "human behaviour that creates a vulnerability in the system, or allows an attacker into the system, or allows an attacker to exploit a vulnerability". We recognise that undesirable behaviour can be caused by a range of other factors (including excessive physical or mental demands, insufficient skills or knowledge, impatience or diverted attention, individual perceptions and attitudes, failure to recognise responsibilities, and characteristics of the physical and social environment).
The WG will strive to understand how these factors can be changed for the better through the design and/or management of technology, procedures and the working environment. The endeavour will start from existing knowledge such as: the Foresight Cybertrust and Crime Prevention report, and the technical and social science reviews on which it is based; previous mathematical, technical and human factors research from the safety-critical systems domain (i.e. formal methods, system modelling, and the Human Error model); risk analysis and risk management approaches (as outlined in ISO 17799 and 27001); and the emerging understanding of the economics of security. The WG will establish the number, type and relative importance (in terms of frequency and impact) of human vulnerabilities that undermine security in IT systems and organisations as a whole, to create a basis for understanding the extent and impact of the problem and to identify priorities in terms of tackling them. In addition, the WG will review existing academic studies and results of available surveys conducted by security companies. Finally, the WG will identify viable approaches to change users' behaviour towards secure practices, and identify promising novel approaches to doing so that merit further research and/or feasibility study.
A workshop-based approach will be used.
Output and Outcomes
The main outcome of the WG will be a White Paper, which is expected to be published in early May 2007. In addition, the consortium will produce an annotated reading list of relevant books and papers, which - together with the source documents, as far as copyright allows - will be made available on the KTN website.
The Team
In addition to the Chair, the consortium will comprise 11 leading researchers on technical and human aspects of security, 8 key security researchers and practitioners from some of the UK's leading companies, and 3 SMEs from security and usability sectors. Bruce Schneier, one of the world's leading security experts, will comment on the White Paper outline and final draft.
The Chair
The group is chaired by Prof. M. Angela Sasse of UCL.




