It can no longer be disputed that security and trust are inherently interdisciplinary, whether they are viewed as problems to solve or as properties to enforce. If we consider them as problems, then we must keep a broad eye on how the technical system intertwines with its users, whose paths of practice could be driven by a plethora of factors. Some come from society, with its social, psychological, ethical and legal inputs, others come from individual features, and all intertwine to shape the persona that each individual exhibits in front of a specific piece of technology on a specific occasion.
Even when security and trust are looked at as properties at the abstract level, perhaps separately from a socio-technical system that might benefit from them, they must be reviewed to account for the human factor. For example, secrecy in traditional (technological) terms will not withstand blatant human behaviour such as sharing passwords. The "law" comes into play here, for example with Article 32(1) of the General Data Protection Regulation (EU Regulation 679/2016) calling for "appropriate technical and organisational measures to ensure a level of security appropriate to the risk".
It is then the turn of the ISO/OSI 27000 series standards, which state more specific measures and how to conduct a security risk assessment. The human factor recurs here. Even a security risk assessment exercise ought to be specifically tailored to threats that manifest that human factor. For example, the risk of password sharing or reuse across different platforms cannot be assessed by any clever methodology without due consideration of how humans approach this particular technological item. So we are, once more this year, advocating a socio-technical approach to establishing security and trust: at any rate, at any level. And we are confident that this year's programme, too, goes straight in this direction.
Proceeding Downloads
Beware the downgrading of secure electronic mail
Researchers have investigated the usability challenges of end-to-end encryption for electronic mail while users seem to place little value on the confidentiality of their mail. On the other hand, users should see value in protection against phishing. ...
Interventions over smart card swiping behaviour
Background. A social influence of a messenger or the broken-window effect may impact the compliance level for security policies [11, 19, 26].
Aim. We investigate the effect of socio-environmental interventions on smart card swiping behaviour.
Method. We ...
Investigation of 3-D secure's model for fraud detection
Background. 3-D Secure 2.0 (3DS 2.0) is an identity federation protocol authenticating the payment initiator for credit card transactions on the Web.
Aim. We aim to quantify the impact of factors used by 3DS 2.0 in its fraud-detection decision making ...
Improving voting technology is hard: the trust-legitimacy-participation loop and related problems
Experience shows that the best technology is not always adopted. In the security arena no technology has to stand a harder challenge or has higher consequences for changing society by failure than voting technology. Best technology in voting is defined ...
Effects of privacy risk perception and cultural bias on intention of connected autonomous vehicle use
- Kalliopi Anastasopoulou,
- Emma Williams,
- Carolyn Whitnall,
- Theo Tryfonas,
- Elisabeth Oswald,
- Phil Morgan,
- Alexandra Voinescu,
- Robert Piechocki,
- Andrea Tassi
Connected Autonomous Vehicles (CAVs) are pitched as drivers of rapid growth for a future of driverless, safe and efficient transportation. However, CAV use may face challenges as their acceptance is intertwined with individuals' intention to use ...
SHRUBS: simulating influencing human behaviour in security
An organisational requirement of no unauthorised personnel permitted in a restricted area may have a security policy such as all employees must wear identification badges and employees must challenge people who are not wearing a badge. An employee's ...