Trial lecture for appointment as Associate Professor - Joakim Kävrestad

Welcome to Joakim Kävrestad's trial lecture for appointment as Associate Professor on October 15th, 15.15 in E1405 (Gjuterisalen).

Title
From telling to asking: Perspectives on a decade of research in human aspects of cybersecurity

Abstract
We have all heard that the users are the supposed weak links in the cybersecurity chain. This comes from a long time of observing that many or most cybersecurity incidents begin with or are enabled by user actions (or lack thereof). As can be understood by the “weak user” expression, the cybersecurity community has long taken a “blame the user” position and attempted to solve the situation by trying to inform users about how to use digital systems in a myriad of ways. Fast-forwarding to today, researchers and many practitioners agree that the “blame and train” approach is fundamentally flawed and look for other solutions. In this lecture, I will discuss my research in relation to this development and explain why the “blame and train” approach is fundamentally wrong. I will also reflect on why it doesn’t make sense to assume that informing users will remove the incidents stemming from users' behaviour and on what we should do instead, both with the tools available today and the methods we need to develop for tomorrow.   

Welcome!