Human-Centric Aspects of Cyber-Security

It has been well recognised that the effectiveness of cyber-security is highly dependent on the Human-Centric Aspects of Cyber-Security, both in terms of professionals and end-users of technologies. A cross-cutting issue identified in all roadmaps and multiple EU documents is the need to ensure that cyber-security professionals receive regular training so that they are skilled in working with emerging technologies and responding to new threats. Cyber-security education is now taught in universities throughout Europe and multiple firms provide lifelong learning opportunities for professionals. When designing effective learning the organisers need to understand the dynamics of how the teams learn and what are indicators of successful team learning. However, assessing team learning success when the absence of objective performance measures and in the avoidance of highly invasive assessment methods in the cyber-security exercises’ context remains an unsolved question.

Regarding end-users of technology, the concept of Usable Security is highly relevant, which is focused on making sure that security products and processes are usable by those who need them, which can be an important catalyst to more efficient adoption of security and privacy technologies. Usable security needs to guarantee a level of usability high enough so that user behaviour will not jeopardise their benefits in terms of security and privacy. However, many technologies are not straightforward. For example, multiple problems regarding the usability of the PGP encryption system have been pointed out. These usability issues can make it harder to reach intended security and privacy goals. In the case of encryption, there have been many improvements that make end-to-end encrypted communications now available to large groups of people. However, user authentication still has many issues and a perfect solution does not yet exist. Sometimes there are trade-offs between usability and security or privacy meaning that a design solution favouring one aspect might degrade another.

Strategic Priority

Improve automated feedback systems for cyber-security training.
Improve usability of cyber-security solutions for ICT professionals.

Pilot Research

Evaluate Automated Feedback upgrade to KYPO Cyber Range Platform (an open-source interactive learning environment for hands-on cyber-security training).
Identify and address gaps in the usability of penetration testing reports among ICT professionals.

Publications (View all)

Human-Centric Aspects of Cyber-Security

Strategic Priority

Pilot Research

Detecting Unsuccessful Students in Cybersecurity Exercises in Two Different Learning Environments

Cybersecurity Study Programs: What’s in a Name?

CHESS: Cyber-security Excellence Hub in Estonia and South Moravia

Post-quantum trails: an educational board game about post-quantum cryptography

Automated feedback for participants of hands-on cybersecurity training

Usability of Penetration Testing Reports

Cybersecurity Exercises

Strategic decision-making exercises at the INJECT Exercise Platform

Application of the INJECT platform in hands-on cybersecurity exercises

Generator of Vulnerable Web Applications

Penetration Testing of the INJECT Exercise Platform

Container-Based Testbed for Embedded Systems Security Training

Implementation and Performance Evaluation of the INJECT Backend in Go