Design principles for cognitively accessible cybersecurity training

• Exploiting human behavior to gain unauthorized access to computer systems has become common practice for modern cybercriminals. Users are expected to adopt secure behavior to avoid those attackers. This secure behavior requires cognitive processing and is often seen as a nuisance which could explain why attacks exploiting user behavior continues to be a fruitful approach for attackers. While adopting secure behavior can be difficult for any user, it can be even more difficult for users with cognitive disabilities. This research focuses on users with cognitive disabilities with the intent of developing design principles for the development of cognitively accessible cybersecurity training. The target group is estimated to include almost 10 % of all users but is previously understudied. The results show that the target group experience cybersecurity as cognitively demanding, sometimes to a degree that becomes incapacitating. Participating in cybersecurity training requires cognitive energy which is a finite resource. Cognitively accessible cybersecurity training requires a minimalist design approach and inclusion of accessibility functions. A minimalist design approach, in this case, means that both informative and design elements should be kept to a minimum. The rationale is that all such elements require cognitive processing which should be kept to a minimum. 

Ämnesord

NATURVETENSKAP  -- Data- och informationsvetenskap -- Systemvetenskap, informationssystem och informatik (hsv//swe)

NATURAL SCIENCES  -- Computer and Information Sciences -- Information Systems (hsv//eng)

NATURVETENSKAP  -- Data- och informationsvetenskap -- Människa-datorinteraktion (hsv//swe)

NATURAL SCIENCES  -- Computer and Information Sciences -- Human Computer Interaction (hsv//eng)

TEKNIK OCH TEKNOLOGIER  -- Elektroteknik och elektronik -- Datorsystem (hsv//swe)

ENGINEERING AND TECHNOLOGY  -- Electrical Engineering, Electronic Engineering, Information Engineering -- Computer Systems (hsv//eng)

Nyckelord

Accessible security

Cognitive accessibility

Cybersecurity training

Cybersecurity training design

Usable security

Behavioral research

Network security

Cognitive processing

Cyber security

Design Principles

Training design

Cybersecurity

Interaction Lab (ILAB)

Interaction Lab (ILAB)

Information Systems

Informationssystem (IS)

Publikations- och innehållstyp

ref (ämneskategori)

art (ämneskategori)