Article,

Psychology of Security

10 (2): 667-674 (2015)

Abstract

IT Security is often considered to be a technical problem. However, IT Security is about decisions made by humans and should therefore be researched with psychological methods. Technical/Engineering methods are not able to solve security problems. In this talk I will introduce the Institute's research programme about the Psychology of Security. We are going to research the psychological basics of IT security, including: How do people experience IT security? How are they motivated? How do they learn? Why do people tend to make the same mistakes again and again (Buffer Overflow, anyone?)? What can we do to prevent security incidents? Which curricula should be taught about IT security? It is based on the 2013 talk »Psychology of Security« and also incorporates parts of my 2014 talk »Security in a Post NSA Age?« held at AUSCert Australia and »Why IT Security is fucked up and what we can do about it« held at Positive Hack Days Moscow. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer.
