Premium
OH, THE HUMANITY! THE CONTROL SIDE OF SYSTEM SECURITY
Author(s) -
Narkevicius J. M.,
Harris S. D.
Publication year - 2016
Publication title -
insight
Language(s) - English
Resource type - Journals
eISSN - 2156-4868
pISSN - 2156-485X
DOI - 10.1002/inst.12080
Subject(s) - computer science , security controls , vulnerability (computing) , computer security , control (management) , process (computing) , perspective (graphical) , automation , access control , risk analysis (engineering) , artificial intelligence , programming language , engineering , mechanical engineering , medicine
In 1951, Fitts observed that humans are better than machines at inductive reasoning while machines excel at deductive reasoning. Meanwhile, system security users' needs unrepresented in design, require high‐load deductive tasks such as unaided recall of passwords. The purpose of system security is to control access; therefore, security should be approached from the perspective of control theory. Intelligent control theory incorporates critical components of security and structures the diagnostic process in the form of a logical induction. A control theoretic perspective that purports to apply to system security must account for induction in the control loop and automation is often proposed for these solutions. But, there are no fully automated systems. Human users are components of a control process. Modern security systems are almost exclusively logical systems, have hybrid intelligence (hybridized from users and software) and exhibit Emergent Behaviors (EB) that cannot be known a priori . Emergence in complex systems is readily apparent in most failures and frequently labeled latent human error. Human‐system integration‐induced EB must be accounted for because as a source of major vulnerability. The only viable strategy is suggested by control theory and incorporates embedded simulation as a critical component. A human‐centered design perspective is required.