Microsoft Internet Explorer "input validation error" Dec 5, 2003
- that will let a certain character sequence mask the actual Web address and substitute a fake one.
IE could allow the address bar of this page to read "www.microsoft.com." Test by clicking this button to see if your IE using is affected by this fault.
Information Systems Security - A Human Centric Approach
Introduction
The Human Computer Interaction (HCI) is a kind of discipline bridging the study of humans and the study of technology. The goals of HCI [Preece 1994] is to develop / imporve the safety, utility, effectiveness, efficiency, and usability of systems that built on the computers. HCI can be viewed as a model in which people, activity (work), technology and the environment (social, organization) are closely interrelated. The study of HCI covers:
- Computer Science
- Cognitive Psychology
- Social and Organization Psychology
- Ergonomics
- Artifact� Intelligent (AI), Anthropology, Engineering and Design.
In HCI domain, we design / redesign the system by Star life cycle:
- Evaluation
- Implementation
- Task Analysis / Functional Analysis
- Requirements Specification
- Conceptual Design / Formal Design
- Prototyping
It is different from the traditional Waterfall model. The Star life cycle is:
- User-centred
- Integrate knowledge and expertise from different disciplines
- Highly iterative
A sociotechnical system composed of three concentric circles. The inner is Technical / Engineering System, the middle is Organizational / Management Infrastructure and the outmost is Environment Context. If we want to design a system to achieve an acceptable level of performance. We cannot not assume the core - "technical" comprises the entire system. We should take into account of the capabilities and limitations of the individual workers/users interacting with the system. At the same time, the sociotechnical system is affected by its environment too, i.e. the related laws and regulations, competition in the market, the physical environment, etc.
Cognitive engineering is to understand all these factors and their interactions on each others. It concerns with the analysis, design, and evaluation of complex sociotechnical systems. There are many interrelated characteristics to make the sociotechnical system complex.
- Large Problem Spaces
- Social
- Heterogenerous Perspectives
- Distributed
- Dynamic
- Potentially High Hazards
- Many Coupled Subsystems
- Automated
- Uncertain Data
- Mediated Interaction via Computers
- Disturbances
It, therefore, has placed high demands on workers and systems designers in designing, implementing, and operating the system.
Information System (IS) is a sociotechnical system that used by people. It has all the characteristics listed above. The cognitive engineering, therefore, may help the IS security professionals in designing, implementing, and maintaining the IS Security. The well-defined engineering approach provides framework and guideline� to do so.
The TEN Security Domains in the Human-Centric IS Security Control
We shall look at the TEN Security Domains from (1) the technical side, and (2) from the perspective of cognitive engineering, one by one
| DOMAIN | SCOPE |
| Access Control | Object identification and authentication. |
| Telecommunications and Network Security | The technical measures to deal with active and passive attacks. The former is non-preventable while the latter is preventable but difficult to detect. |
| Security Management Practices | Change control and management requires a baseline and configuration control board. |
| Applications and Systems Development Security | Controls over input, processing, and output. They are administrative policies, preventive, detective, and corrective. |
| Cryptography | Strong authentication is the first line of defense. |
| Security Architecture and Models | A system architecture defines the critical attributes of an organization's collection of information system in both business / functional and technical / physical terms. |
| Operations Security | Operational ontrols includes backup and recovery, contingency planning, production input/output controls, physical protection, environmental protection, and documentation. |
| Business Continuity Planning (BCP) and Disaster Recovery Plannning (DRP) | BCP focus on providing minimum level of outputs and services. DRP protects the organization against the consequence of disaster ensure its survival. |
| Laws, Investigations, and Ethics | Incident handling |
| Physical Security | Provides a first line defense against potential risks and threats in a computer centre. |
The following session is the explanation� of the interrelated characteristics find in the sociotechnical system. We shall see how they are related to the IS security requirements. Then we shall describe briefly of the three generic categories [Rasmussen 1997] of models that can be adopted for the specific purpose of grouping work analysis techniques
Cognitive Engineering - the characteristics of sociotechnical systems
The information systems that we are using today could be very complex. They are composed of many different computers and software. The number of factors that users and developers need to take into account can be very large. Large problem spaces make it difficult for the developer to design a information systems to deal with all possibilities.
A information system is composed of many people who must work together to make the system function properly. This requires good communication of people to coordinate the various operations and activities. But it is a difficult task if not impossible when there are thousand of people working together to develop / run the system.
People in a large organization or company come from different backgrounds and thus have diverse set of disciplines. It is difficult to set a monochromeic view of the system and expect all responsible correspondly.
The demand associated with social coordination is complicated by the geographical spread. People come from different cultures with diverse expectations and practices introduce additional complications.
Systems that are dynamic may take minutes or even hours for the work domain to completely respond to an action or setting. Because of the delay of actions, users have to anticipate the future state of the work domain and act well before the time when a response is desired. This creates a challenging situation for users / operators, especially when an error in anticipation can cause a disaster effect.
Inappropraite human beliefs or actions can have catastrophic consequences, i.e. economic and public safety, etc. Trial-and -error approach is not allowed. This is a challenge to the designer and operator because they must get it right the first time.
Large complex systems are composed of subsystems that are highly coupled. This makes it very difficult to predict all of the effects of an action / setting, or to trace all of the implications of a disturbance because there are many diverging proppagation paths. Users must think very carefully before making any changes.
Computer automation can make job esaier. But it also create challenges to users / operators when abnormal situations are happened. Because users / operators do not have to intervene very frequently, they are not accustomed to performing the compensatory or reconfiguration activities. If the problems persist� causing harzard. Then it gives a great deal of pressure to the users / operators.
There tends to be uncertainty in the data that are available. Because of this improverished input, users / operators must distinguish changes that are caused by events in the work domain from those that are caused by random drift or failure of the sensors. Therefore, there will frequently be a need for problem solving and inference.
Nowadays Windows and other kinds of computer interface have become the "second reality" to people. They provide the users / operators with a mediating representation of the world. Therefore, the everyday skills that people use to routinely explore the natural environment are not sufficient to deal with the demands associated with mediated interaction. The misinterpret�ation and representation may cause cognitive problems.
There are always unanticipated events that the systems or users had to deal with. They must adapt to the contingencies of these events quickly to maintain systems safety or productivity. Because their normal work procedures no longer apply in these cases, workers must generate an appropraite response based on a conceptual understanding of the work domain. As a result, the information systems design cannot be based solely on expected situations.
Normative Models
Normative models prescribe how a system should behave. This approach prescribes a normative, rational benchmark for how workers should behave in different situations. For example, the task analysis and HCI Goals, Operators, Methods, Selection Rules (GOMS) analyses are examples of normative approach to work analysis.
Task analysis defined as the study of what operator(s) is required to do, in terms of actions and/or cognitive process to achieve a system goal. The timeline study in task analysis identify�ing temporally ordered sequence of actions that is required to achieve the task, with duration estimates for each actions is similar to HCI GOMS in time-based measures of mental work load.
Descriptive Models
Descriptive models describe how a system should actually behaves in practice. Descriptive approaches to work analysis are qualitatively different from normative approaches. By conducting field studies that document the challenges of the users /operators face on the job, descriptive approach try to understand how they actually behave in practice and what are they do to cope with them. At the end the researchers will suggest ideas for new designs. The distinction between normative and descriptive approaches is equivalent to the distinction between task and activity. Task refers to the official actions that are prescribed to users / operators. Activity refers to the informal actions that users / operators actually perform in practice.
The descriptive approach have limitations in only reflecting existing systems. It does not suggest new deive or unexplored ways of doing. It is also difficult to start from descriptive analysis to design implications. For computer-based information systems, the implication is that the systems should ideally be designed to support instrinsic work constraints, not just current work practices.
Formative Models
Normative approaches focus on legislating work. Descriptive approaches focus on portraying work. Formative approaches focus on identifying technological and organizational requirements that need to be satisfied if a device / system is going to support a new design. The basic structure of formative approaches is shown below
In the Cognitive Work Analysis (CWA) framework there are five conceptual distinctions:
- Work Domain
- Control Tasks
- Strategies
- Social Organizations and Cooperations
- Worker Competencies
These distinctions represented by layers of constraint are shown in the diagram below. The size of each set represents the productive degrees of freedom for actors. The large sets represent many relevant possibilities for action whereas small sets represent fewer relevant possibilities for action. The Work Domain delimits the productive degree of freedom that are available for acion.
A work analysis framework is informative if each conceptual distinctions is closely linked with a particular class of systems design interventions. As an example, the relationships between the five phases of CWA and various classes of systems design interventions would look like:
- Work Domain
- What information should be measured? (benchmarks, data capturing)
- What information should be derived? (models)
- How should information be organized? (database)
- Control Tasks
- What goals must be pursued and what are the constraints on those goals? (procedures or automation)
- What information and relations are relevant for particular classes of situations? (context-sensitive interface)
- Strategies
- What frames of reference are useful? (dialogue modes)
- What control mechanisms are useful? (process flow)
- Social Organizations and Cooperations
- What are the responsibilities of all the actors? (role allocation)
- How should actors communicate with each other? (organizational structure)
- Worker Competencies
- What knowledge, rules, and skills do workers need to have? (selection, training, and interface form)
The IS security has all characteristics of a sociotechnical system. Therefore it is best studied under the Work Analysis Framework. The design of IS security must be human-centric and capable to adapt changes and implications.
Message digest of this page would be sent by email separately
- Reference:
- Preece, Jenny, et al (1994) Human-Computer Interaction , Addison-Wesley.
- Rasmussen, J. (1997) Merging paradigms: Decision making, management, and cognitive control. In R. Flin, E. Salas, M. E. Strub, & l. Marting (Eds), Decision making under stress: Emerging paradigms and applications (pp 67-85). Aldershot, England: Ashgate.