5 Conclusion

Human involvement in any system is unavoidable, and will critically influence the structure and security of the system, making it unpredictable and therefore hard to study. To understand how these socio-technical systems behave, we need to better understand the behaviour of people. This will lead to a better design of security measures in terms of usability and effectiveness. As a result, the risk of human components bypassing or rendering the security measures useless through their careless actions could be reduced.

Another way to improve the security of computer-based systems is by making the human components aware of the importance of sound security practices and the havoc that security breaches could bring. It is very common — if not mandatory — for new employees to undergo safety training or induction. This could be extended to include security induction, where new employees are made aware of the organisation’s security policies.




© 2006 Springer-Verlag London Limited

About this chapter

Cite this chapter

Bryans, J., Arief, B. (2006). Security implications of structure. In: Besnard, D., Gacek, C., Jones, C.B. (eds) Structure for Dependability: Computer-Based Systems from an Interdisciplinary Perspective. Springer, London. https://doi.org/10.1007/1-84628-111-3_11


  • DOI: https://doi.org/10.1007/1-84628-111-3_11

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84628-110-5

  • Online ISBN: 978-1-84628-111-2

  • eBook Packages: Computer Science (R0)
