zeit.de

IT Security Expert Advocates for User-Centric Design

Professor Melanie Volkamer of Karlsruhe Institute of Technology criticizes the current complexity of IT security systems, arguing for a user-centered design to improve user safety and reduce the burden on employees to avoid cyberattacks.

Read original article in German

German

Germany

TechnologyCybersecurityData ProtectionIt SecurityHuman FactorUser-Centric Design

Karlsruher Institut Für TechnologieGoogleMicrosoft

Melanie Volkamer

How can the current approach to corporate IT security training be improved to better equip employees to avoid security breaches?: Volkamer highlights the insufficient knowledge transfer in corporate IT security training. She emphasizes the need for improved email filtering technology to automatically detect and block suspicious emails, reducing user burden. This approach shifts focus from solely blaming users to addressing systemic flaws.
What are the primary technological and design flaws contributing to the current vulnerability of internet users and companies to cyberattacks?: Professor Melanie Volkamer of Karlsruhe Institute of Technology argues that complex IT security systems are the main problem, not individual user mistakes. She advocates for user-centered design to simplify security measures. Current approaches often fail to provide clear, actionable instructions.
What are the long-term implications of prioritizing user-centric design in IT security, and how might this impact the balance between security and user experience?: Volkamer's perspective suggests a shift towards proactive, preventative security measures focusing on system design rather than solely relying on user education. This would involve significant changes in IT infrastructure and software design to prioritize user-friendliness and automated threat detection. This shift would likely reduce the incidence of security breaches caused by human error.

Cognitive Concepts

3/5

Framing Bias

The headline (not provided) and introduction likely frame the issue as primarily one of individual user error, setting the stage for a discussion that prioritizes individual responsibility over systemic factors. The article then introduces a counterpoint, but the initial framing might still heavily influence the reader's overall interpretation.

2/5

Language Bias

The language used is largely neutral, although terms like "Kriminelle" (criminals) could be perceived as somewhat emotionally charged. However, this is largely contextually appropriate and does not significantly distort the article's overall message. The use of words like "naiv" (naive) might be considered loaded, but it is used to illustrate the professor's point about vague security instructions, rather than to denigrate users.

3/5

Bias by Omission

The article focuses heavily on the individual's responsibility for online security, potentially overlooking systemic issues within companies' IT infrastructure or the design of software that could contribute to vulnerabilities. While the expert's perspective offers a counterpoint, a more balanced approach would explore both individual and systemic factors more thoroughly. For example, the lack of discussion on corporate responsibility to provide secure systems and robust training programs could be seen as a bias by omission. The article also omits discussion of the varying levels of technical expertise amongst users and the challenges this presents.

3/5

False Dichotomy

The article presents a somewhat false dichotomy between individual responsibility and technological solutions. While individual caution is important, the implication that simply better user training will solve all problems is an oversimplification, neglecting the role of complex technology and potentially flawed system design.

1/5

Gender Bias

The article uses gender-neutral language for the most part, referring to "Mitarbeiterinnen und Mitarbeitern" (employees, male and female). However, a deeper analysis of the underlying assumptions about user behavior and digital literacy would be necessary to assess if any gendered biases exist.

Sustainable Development Goals

Quality Education Positive

Direct Relevance

The article highlights the need for improved user education and design in IT security. Professor Volkamer advocates for a human-centered design approach, emphasizing the need for clear instructions and user-friendly interfaces to improve online safety. This directly relates to SDG 4 (Quality Education) by promoting digital literacy and the ability to use technology safely and effectively.

Apr 3, 10:12

Giesecke + Devrient Reports Record Revenue Amidst Geopolitical Uncertainty

In 2022, Giesecke + Devrient (G+D), a German security technology and banknote producer, saw a 5% revenue increase to €3.1 billion, exceeding its record €3.3 billion order intake; this growth is fueled by the rising demand for digital security solutions amid geopolitical instability and a strategic diversification beyond banknotes.

Apr 3, 10:12

Giesecke + Devrient Reports Strong Revenue Growth Amidst Global Uncertainty

Giesecke + Devrient, a German security technology firm, reported a 5% revenue increase to €3.1 billion in 2023, exceeding its record €3.3 billion order intake; growth is driven by digital security and financial technology.

Apr 2, 10:18

Quantum Computing: Revolutionizing Industries Through Superior Calculation

Quantum computing, utilizing qubits' unique properties, surpasses classical computing in complex calculations; its integration with classical systems promises to revolutionize diverse industries, from finance to materials science, while also posing security challenges.

Apr 2, 04:14

Google Deletes Inactive Accounts: Urgent Action Needed

Google will delete inactive personal accounts after two years of inactivity, starting October 3rd, prompting users to verify account status and take action to avoid data loss; the policy aims to enhance security.