
2015 | Original Paper | Book chapter

A Psychological Approach to Information Security

Some Ideas for Establishing Information Security Psychology


Abstract

Information systems are composed of four main parts: people, information, appliances and facilities. These four parts are called information assets. Information security protects these assets and keeps them safe from the viewpoint of confidentiality, integrity and availability (CIA).
Recently, cyber-attacks aimed at the people of a specific organization have come to be called advanced persistent threats (APT) or targeted attacks. APT attacks exploit the psychological and behavioral weaknesses of people; they are not purely technical attacks.
Kevin Mitnick, the most skilled and most famous attacker of people, says in his book: “Security is not a technology problem. It is a human and management problem.”
Using knowledge from psychology, behavioral science and criminology, attackers target people and achieve their aims. The objectives of such attacks are not only direct ones, namely the theft or destruction of information, but also indirect ones: obtaining the information needed to reach the final goal.
Sun Tzu, the Chinese military general, strategist and philosopher, said: “If you know your enemies and know yourself, you can win a hundred battles without a single loss.”
Attackers and victims are classified into people, appliances (hardware and software) and hybrids (people and appliances).
This paper classifies the methods attackers use in each kind of attack, together with cases of such attacks.
Some organizations are beginning to use elements of games and competitions to motivate employees and customers. This is known as gamification: the application of game elements and digital game design techniques to non-game problems, such as business and social impact challenges.
I believe gamification is very useful for information security awareness training.
This paper attempts to classify and systematize attackers, victims and attack methods from the viewpoint of psychology, behavioral science, criminal psychology and cognitive psychology. Using the findings of psychology and behavioral science, I propose some ideas for information security education, training and awareness.


Metadata
Title
A Psychological Approach to Information Security
Author
Katsuya Uchida
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-20901-2_9
