Malicious User Experience Design Research for Cybersecurity

This paper explores the factors and theory behind the user-centered research that is necessary to create a successful game-like prototype, and user experience, for malicious users in a cybersecurity context. We explore what is known about successful addictive design in the fields of video games and gambling to understand the allure of breaking into a system, and the joy of thwarting the security to reach a goal or a reward of data. Based on the malicious user research, game user research, and using the GameFlow framework, we propose a novel malicious user experience design approac

Mr Hyde Or Dr. Jekyll? Characteristics Of The Information Systems Security Mindset

Information security professionals have a unique challenge in today\u27s connected world. They are charged with protecting digital assets from individuals, groups, and even foreign governments with little or no restrictions limiting their behavior. To be successful, security experts must have the mindset and skills of those who seek to harm their organization, but most are not alloto retaliate, in kind. Instead, they must use these skills only to predict and to prevent future attacks; thus using their technical prowess for good and not for evil. In a survey of 330 information security professionals, the data reveals six mindsets of security experts through a latent class analysis. One class emerged containing approximately 52% of the respondents, which indicates that the information security field is consistent with social identity theory and contains significant homogeneity in mindset toward securing an organization\u27s digital assets. Additionally, personality characteristics such as Creativity, Trait Competitiveness, and Morality influence membership in one of six information security mindsets