Security specialists develop policies and security mechanisms to stop them, but find in practice that people make mistakes or don't comply with the instructions about what (not) to do. They blame people for not understanding the risks and see the security education of staff and the general public as the answer. But research over the past decade has shown that many best-practice security policies and mechanisms are unworkable and ineffective.
This lecture identified the gaps in understanding and skills between business owners, software developers and security specialists that led to those solutions - ‘silo thinking’, diffusion of responsibility, failure to measure effectiveness - and identified the knowledge and skills they need to avoid repeating their mistakes. What knowledge and skills do consumers and citizens need to stay safe online?
More about Prof Angela Sasse
M. Angela Sasse FREng is the Professor of Human-Centred Technology at UCL. In 2012 she became Director of the UK Research Institute for the Science of Cyber Security (RISCS), co-funded by the Engineering and Physical Sciences Research Council (EPSRC) and GCHQ, and remains in that position. She was elected a Fellow of the Royal Academy of Engineering in 2015.
She read psychology in Germany and obtained an MSc in occupational psychology from Sheffield University before obtaining a PhD in computer science from the University of Birmingham.
In 1996 she started investigating the causes and effects of issues with usability in security mechanisms. Written with her then PhD student Anne Adams, Prof Sasse’s seminal 1999 paper “Users Are Not the Enemy” is the most cited paper in usable security.
She has led several multidisciplinary projects, working with economists, mathematicians and crime scientists; additionally, she has worked with many international companies and received faculty awards from Intel in 2012 and IBM in 2013.