Results 1 - 6 of 6
Conditions for Intuitive Expertise: A Failure to Disagree
- American Psychologist, 2009
Cited by 95 (1 self)
This article reports on an effort to explore the differences between two approaches to intuition and expertise that are often viewed as conflicting: heuristics and biases (HB) and naturalistic decision making (NDM). Starting from the obvious fact that professional intuition is sometimes marvelous and sometimes flawed, the authors attempt to map the boundary conditions that separate true intuitive skill from overconfident and biased impressions. They conclude that evaluating the likely quality of an intuitive judgment requires an assessment of the predictability of the environment in which the judgment is made and of the individual’s opportunity to learn the regularities of that environment. Subjective experience is not a reliable indicator of judgment accuracy.
Secure system? challenge accepted: Finding and resolving security failures using security premortems
- In Designing Interactive Secure Systems: Workshop at British HCI, 2012
Cited by 2 (2 self)
Risk-driven approaches are dominant in secure systems design; these aim to elicit and treat vulnerabilities and the threats exploiting them. Such approaches, however, are so focused on driving risks out of system design, they fail to recognise the usefulness of failure as a vehicle for security innovation. To explore the role of failure as a design tool, we present the security premortem: a participative design technique where participants assume that a system has been exploited, and plausible reasons are given for explaining why. We describe this approach and illustrate how software tools can be used to support it.
Keywords: Risk, Premortem, CAIRIS
Article: Developing craft skills with quasi-cases: The example of the Big Apple’s flirtation with congestion pricing
This is the author version published as:
This is the accepted version of this article. To be published as: This is the author’s version published as:
Evaluating the Implications of Attack and Security Patterns with Premortems
Abstract: Security patterns are a useful way of describing, packaging and applying security knowledge which might otherwise be unavailable. However, because patterns represent partial knowledge of a problem and solution space, there is little certainty that addressing the consequences of one problem won’t introduce or exacerbate another. Rather than using patterns exclusively to explore possible solutions to security problems, we can use them to better understand the security problem space. To this end, we present a framework for evaluating the implications of security and attack patterns using premortems: scenarios describing a failed system that invites reasons for its failure. We illustrate our approach using an example from the EU FP 7 webinos project.
1 Contextualising Patterns for Security Design
Because security knowledge isn’t readily available in design situations, there is considerable value in codifying and packaging it. Given both the adversarial nature of security, and the dangers of over or underestimation of security issues when this nature is misunderstood, it also seems useful to package knowledge about attacks as patterns. From a practitioner perspective, it seems surprising that, despite an abundance of examples of how security knowledge can be codified as patterns, e.g. [1], and the claim that building attack patterns is evidence of organisational security maturity [2], there is a dearth of work describing the application of attack patterns in security design.