The Importance of Computer Security

The importance of computer security has been emphasized by two expert studies. One study was done by a group of academicians. The second study was done by computer security professionals. One is a seminal work carried out by Farzeneh Asghapour, Debin Lin and Jean Camp (2007) in assessing the indirect and implicit use of mental models applied to computer security. Asghapour et. al., (2007) did three experiments which revealed corresponding results. First, the experiments showed that for a set of security risks, the self-identified security experts and non-experts exhibit specific mental models. Second, a brand of expertise increases the distance between the mental models of non-experts and experts. Finally, the utilization of models through metaphors did not correspond to metaphors that are similar to the mental models of simple users. The second study on computer security done by Stuart Schechter and Daniel Smith tackled the kind of security required to protect a packaged system which is present in large organizations from thieves who would plot a vulnerability to attack multiple installations. Both studies are similar since they relay the importance of computer security in organizations.
The main theme of Asghapour and her co-researchers were to emphasize the importance of effective security risk communication. The researchers argue that this requires both communicating risk information and motivating the appropriate risk behaviors. The crucial argument is that the purpose of risk communication is not transmitting truth to the users, but training them to take an appropriate move to respond against a certain threat to their system. Similarly, Schechter and David present an economic threat modeling as a measure for understanding adversaries who are attracted for financial gain. They did a mathematical model on thieves outside the target organization who would enter through a simple vulnerability in one of the target company’s packaged systems. This model can determine what these thieves are willing to pay for system vulnerabilities and how secure the system should be to withstand any form of theft.

You Might Also Like