San José State University  Department of Psychology

Virtual Environments, Cognition, & Training Research Laboratory

Research

Cognitive Factors in Cybersecurity

Photograph of an ethernet cable

We are taking an interdisciplinary approach to improving the security of computer networks. Our investigations focus on understanding the knowledge needed by cyber security professionals and how training and automation design can affect security. We also study how end-users' knowledge and trust affect security outcomes.

Sponsor

NSF Logo CAREER: RUI: Understanding Human Cognition in Computer Network Defense funded by the National Science Foundation.

Cyber security professionals, the individuals responsible for keeping organizations secure, investigate network activity to find, identify, and respond to threats. These individuals are among the last lines of defense for an organization. Cyber security professionals depend on automated tools to perform their jobs but must make critical decisions that impact security. Therefore, successful defense against cyber attacks depends on human decision making. This research identifies cognitive outcomes that predict successful threat response. We are investigating the content and structure of cyber security professionals' knowledge, creating assessments of cyber security professional cognition, and developing training techniques for cyber security decision making. This project's broader impacts address the large need for cyber security workforce development. The training developed through this research will make cyber security careers more accessible to individuals beyond traditional computer science career paths. Threat response training for network defense provides a strategic advantage against cyber adversaries and increasingly sophisticated threats.

Selected Publications & Presentations

  • Still, J. D., Cain, A., & Schuster, D. (in press). Human-centered authentication guidelines. Information and Computer Security.
  • Brown, P., Christensen, K., & Schuster, D. (2016). An investigation of trust in a cyber security tool. Proceedings of the Human Factors and Ergonomics Society Annual Meeting. Santa Monica, CA: Human Factors and Ergonomics Society. [Web]
  • Wong, N., & Schuster, D. (2016, April). The use of virtual machines in learning about human behavior in cyber security. Poster session presented at the Spartan Psychological Association Research Conference, San Jose, CA.
  • Brown, P., Christensen, K., Nguyen, R., Wong, N., & Schuster, D. (2016, April). An investigation of trust in cyber security tools. Poster session presented at the meeting of the Western Psychological Association, Long Beach, CA.
  • Schuster, D., Still, M. L., Still, J. D., Lim, J. J., Feria, C. S., & Rohrer, C. (2015). Opinions or algorithms: an investigation of trust in people versus automation in app store security. Lecture Notes in Computer Science. Heidelberg: Springer International Publishing. doi:10.1007/978-3-319-20376-8_37 [Web]

Recommended Reading - By Others

  • Gutzwiller, R. S., Fugate, S., Sawyer, B. D., & Hancock, P. A. (2015). The human factors of cyber network defense. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 59(1), 322-326. Santa Monica, CA: Human Factors and Ergonomics Society. [Web]

Any opinions, findings, and conclusions or recommendations expressed on this site are those of the author(s) and do not necessarily reflect the views of the National Science Foundation or San José State University.