Abstract
The role of the human in cyber security is well acknowledged. Many cyber security incidents rely upon targets performing specific behavioural actions, such as opening a link within a phishing email. Cyber adversaries themselves are driven by psychological processes such as motivation, group dynamics and social identity. Furthermore, both intentional and unintentional insider threats are associated with a range of psychological factors, including cognitive load, mental wellbeing, trust and interpersonal relations. By incorporating psychology into cyber security education, practitioners will be better equipped with the skills they need to address cyber security issues. However, there are challenges in doing so. Psychology is a broad discipline, and many theories, approaches and methods may have little practical significance to cyber security. There is a need to sift through the literature to identify what can be applied to cyber security. There are also pedagogical differences in how psychology and cyber security are taught and also psychological differences in the types of student that may typically study psychology and cyber security. To engage with cyber security students, it is important that these differences are identified and positively addressed. Essential to this endeavor is the need to discuss and collaborate across the two disciplines. In this paper, we explore these issues and discuss our experiences as psychology and cyber security academics who work across disciplines to deliver psychology education to cyber security students, practitioners and commercial clients.
Jacqui Taylor-Jackson, John McAlaney, Jeff Foster, Abubakar Bello, Alana Maurushat, John Dale: Incorporating Psychology into Cyber Security Education: A Pedagogical Approach. Proceedings of AsiaUSEC’20, Financial Cryptography and Data Security (FC), February 14, 2020, Kota Kinabalu, Sabah, Malaysia. Springer, 2020.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Taylor-Jackson, J., McAlaney, J., Foster, J.L., Bello, A., Maurushat, A., Dale, J. (2020). Incorporating Psychology into Cyber Security Education: A Pedagogical Approach. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_15
DOI: https://doi.org/10.1007/978-3-030-54455-3_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-54454-6
Online ISBN: 978-3-030-54455-3
eBook Packages: Computer Science, Computer Science (R0)