Computer Security Essay Example | Topics and Well Written Essays - 2250 words

Computer Security - Essay Example One study was done by a group of academicians. The second study was done by computer security professionals. One is a seminal work carried out by Farzeneh Asghapour, Debin Lin and Jean Camp (2007) in assessing the indirect and implicit use of mental models applied to computer security. Asghapour et. al., (2007) did three experiments which revealed corresponding results. First, the experiments showed that for a set of security risks, the self-identified security experts and non-experts exhibit specific mental models. Second, a brand of expertise increases the distance between the mental models of non-experts and experts. Finally, the utilization of models through metaphors did not correspond to metaphors that are similar the mental models of simple users. The second study on computer security done by Stuart Schechter and Daniel Smith tackled the kind of security required to protect a packaged system which is present in large organizations from thieves who would plot a vulnerability to attack multiple installations. Both studies are similar since they relay the importance of computer security in organizations. The main theme of Asghapour and her co-researchers were to emphasize the importance of effective security risk communication. The researchers argue that this requires both communicating risk information and motivating the appropriate risk behaviors. The crucial argument is that the purpose of risk communication is not transmitting truth to the users, but training them to take an appropriate move to respond against a certain threat to their system. Similarly, Schechter and David present an economic threat modeling as a measure for understanding adversaries who are attracted for financial gain. They did a mathematical model on thieves outside the target organization who would enter through a simple vulnerability in one of the target company's packaged systems. This model can determine what these thieves are willing to pay for system vulnerabilities and how secure the system should be to withstand any form of theft. The main methodology of Asghapour and her co-researchers were to identify implicit mental models for computer security which makes these explicit and run a test for mental models for fit for risk communication. They also aim to utilize the mental models in a rational manner to address risk communication to non-expert computer users. The researchers pointed out that a mental model is an internal concept of a given process. This concept is case specific and may depend on life experience, description of the risk, type of risk, and information processing strategies. In contrast, the methodology of Stuart Schechter and David Smith in their computer security study was to project economic threat models. The economic threat models they designed were meant to answer these questions: a.) who profits from a computer security attack on a given company; and b.) what is the choice of attack The threat models enable them to pinpoint the adversary and the respective motivation of those. CONCEPTUAL FRAMEWORK Ashgapour and her co-researchers (2007) determined the scope of mental models which are used in the computer security profession. They chose five conceptual models implicit in language and explicit in metaphors: physical safety, medical infections, criminal behavior, warfare and economic failure. Physical safety refers to 'keys', 'safe