Design principles for cognitively accessible cybersecurity training
2024 (English). In: Computers & Security, ISSN 0167-4048, E-ISSN 1872-6208, Vol. 137, article id 103630. Article in journal (Refereed). Published
Abstract [en]
Exploiting human behavior to gain unauthorized access to computer systems has become common practice for modern cybercriminals. Users are expected to adopt secure behavior to avoid those attackers. This secure behavior requires cognitive processing and is often seen as a nuisance, which could explain why attacks exploiting user behavior continue to be a fruitful approach for attackers. While adopting secure behavior can be difficult for any user, it can be even more difficult for users with cognitive disabilities. This research focuses on users with cognitive disabilities with the intent of developing design principles for the development of cognitively accessible cybersecurity training. The target group is estimated to include almost 10 % of all users but has previously been understudied. The results show that the target group experiences cybersecurity as cognitively demanding, sometimes to a degree that becomes incapacitating. Participating in cybersecurity training requires cognitive energy, which is a finite resource. Cognitively accessible cybersecurity training requires a minimalist design approach and inclusion of accessibility functions. A minimalist design approach, in this case, means that both informative and design elements should be kept to a minimum. The rationale is that all such elements require cognitive processing, which should be kept to a minimum.
Place, publisher, year, edition, pages
Elsevier, 2024. Vol. 137, article id 103630
Keywords [en]
Accessible security, Cognitive accessibility, Cybersecurity training, Cybersecurity training design, Usable security, Behavioral research, Network security, Cognitive processing, Cyber security, Design Principles, Training design, Cybersecurity
National Category
Information Systems; Human Computer Interaction
Research subject
Information Systems; GAME Research Group
Identifiers
URN: urn:nbn:se:his:diva-23469
DOI: 10.1016/j.cose.2023.103630
ISI: 001134538700001
Scopus ID: 2-s2.0-85178635646
OAI: oai:DiVA.org:his-23469
DiVA, id: diva2:1819510
Funder
The Swedish Post and Telecom Authority (PTS), 19-10617
Note
CC BY 4.0 DEED
© 2023 The Author(s)
Correspondence Address: J. Kävrestad; Jönköping School of Engineering, Jönköping, Gjuterigatan 5, 551 11, Sweden; email: joakim.kavrestad@ju.se; CODEN: CPSED
This research was funded by the Swedish Post and Telecom Authority under grant number 19-10617.
2023-12-14, 2023-12-14, 2024-12-18. Bibliographically approved