Mind the many skills gaps: why we keep creating unworkable security
Within less than 2 decades, the Internet and mobile communications have become an integral part of business and people’s lives. Most transactions are now carried out online, and criminals have followed ‘because that’s where the money is’. Security specialists develop policies and security mechanisms to stop them, but find in practice that people make mistakes, or don’t comply with the instructions on what (not) to do. They blame people for not understanding the risks and see ‘security education’ of staff and the general public as the answer.
But research over the past decade has shown that many ‘best practice’ security policies and mechanisms are unworkable and ineffective. This lecture identifies the gaps in understanding and skills between business owners, software designers and developers, and security specialists that led to those solutions – silo thinking, diffusion of responsibility, and failure to measure effectiveness – and identifies the knowledge and skills they need to avoid repeating them. Finally, it considers what knowledge and skills consumers and citizens need to stay safe online.
Speaker – Professor Sasse, Human-Centred Technology at UCL, and Director of the UK Research Institute in Science of Cyber Security (RISCS).
M. Angela Sasse FREng is the Professor of Human-Centred Technology in the Department of Computer Science at University College London, UK. She read psychology in Germany and obtained an MSc in Occupational Psychology from Sheffield University before obtaining a PhD in Computer Science from the University of Birmingham.
She started investigating the causes and effects of usability issues with security mechanisms in 1996. Her seminal 1999 paper with her then PhD student Anne Adams, ‘Users are Not the Enemy’, is the most cited paper in usable security. She became a full professor in 2003, and has led several multi-disciplinary projects, working with economists, mathematicians and crime scientists. She has worked with many international companies and received Faculty Awards from Intel in 2012 and IBM in 2013. She became Director of the UK Research Institute for Science of Cyber Security (RISCS), co-funded by the EPSRC and GCHQ in 2012, and was elected a Fellow of the Royal Academy of Engineering in 2015.