The Role of Human Factors/Ergonomics in the Science of Security: Decision Making and Action Selection in Cyberspace

Hum Factors. 2015 Aug;57(5):721-7. doi: 10.1177/0018720815585906. Epub 2015 May 20.


Objective: The overarching goal is to convey the concept of science of security and the contributions that a scientifically based, human factors approach can make to this interdisciplinary field.

Background: Rather than a piecemeal approach to solving cybersecurity problems as they arise, the U.S. government is mounting a systematic effort to develop an approach grounded in science. Because humans play a central role in security measures, research on security-related decisions and actions grounded in principles of human information-processing and decision-making is crucial to this interdisciplinary effort.

Method: We describe the science of security and the role that human factors can play in it, and use two examples of research in cybersecurity--detection of phishing attacks and selection of mobile applications--to illustrate the contribution of a scientific, human factors approach.

Results: In these research areas, we show that systematic information-processing analyses of the decisions that users make and the actions they take provide a basis for integrating the human component of security science.

Conclusion: Human factors specialists should utilize their foundation in the science of applied information processing and decision making to contribute to the science of cybersecurity.

Keywords: human information processing; information security; privacy; risk communication; risk perception.

Publication types

  • Research Support, Non-U.S. Gov't

MeSH terms

  • Computer Security*
  • Decision Making*
  • Electronic Mail
  • Ergonomics
  • Humans
  • Internet*
  • Mobile Applications*
  • Security Measures
  • United States