The Weakest Link: A Psychological Perspective on Why Users Make Poor Security Decisions

Ryan West (Dell, Inc., USA), Christopher Mayhorn (North Carolina State University, USA), Jefferson Hardee (North Carolina State University, USA) and Jeremy Mendel (North Carolina State University, USA)
DOI: 10.4018/978-1-60566-036-3.ch004

The goal of this chapter is to raise awareness of cognitive and human factors issues that influence user behavior when interacting with systems and making decisions with security consequences. This chapter is organized around case studies of computer security incidents and known threats. For each case study, we provide an analysis of the human factors involved based on a system model approach composed of three parts: the user, the technology, and the environment. Each analysis discusses how the user interacted with the technology within the context of the environment to actively contribute to the incident. Using this approach, we introduce key concepts from human factors research and discuss them within the context of computer security. With a fundamental understanding of the causes that lead users to make poor security decisions and take risky actions, we hope designers of security systems are better equipped to mitigate those risks.
Chapter Preview


Humans are fallible. That means exploitable. Recorded in every religious text and mythology is the evidence of human imperfection. We lose our wallets, forget our passwords, and drive over the speed limit when we are in a hurry. Yet somehow, we managed to develop manifestations of pure logic in the form of computing systems. At the helm of all this technical sophistication and complexity, unfortunately, is a user.
