Communications of the ACM
Iowa State Researchers Test Brain Activity to Identify Cybersecurity Threats
Iowa State researchers measured brain activity to better understand cybersecurity threats and identify what motivates employees to violate company policy.
Credit: Bob Elbert
Iowa State University (ISU) researchers led by professor Qing Hu are working to better understand internal cybersecurity threats by measuring brain activity.
In a study published in the Journal of Management Information Systems, the researchers defined a security violation as unauthorized access to confidential data, inclusive of copying, transferring, or selling that information to a third party for personal gain. A group of 40 students were given a series of security scenarios, ranging from minor to major violations, and had to decide how to respond while researchers measured their brain activity using electroencephalography.
ISU professor Robert West analyzed the results, noting "people with low self-control were faster to make decisions for the major violation scenarios. It really seems like they were not thinking about it as much."
Fellow professor Laura Smarandescu says the study may help businesses determine which employees should have access to sensitive information. "A questionnaire measuring impulsivity for individuals in critical positions may be one of the screening mechanisms businesses could use," she suggests.
Hu notes "training is good, but it may not be as effective as believed. If self-control is part of the brain structure, that means once you've developed certain characteristics, it's very difficult to change."
From Iowa State University News Service
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found