At-Risk Populations
So far in class, we have spent a lot of time looking at “human beings” — what are the things that are common across all (or at least most) human beings and how do they affect how we do cybersecurity. Things like how our memory works, or the heuristics and biases we use in making decisions. However, not all humans are the same. There are biological, geographic, social, cultural, and situational differences between humans, and many of those differences are really important to security.
This week, we are going to be thinking about how some of those differences matter. How is cybersecurity different for someone experiencing intimate partner violence? How is cybersecurity different if you are a dissident speaking out against a repressive government? How is cybersecurity different if you are a member of a stigmatized minority? How is cybersecurity different for teenagers whose parents own their phones and who live in their parents’ houses? These are important concerns, and what works for you might not work for other people.
Start by reading this paper about cybersecurity for “at risk” people — people who are at some level of high risk for some reason. It is an academic paper (and, so, is a bit of dense reading and slightly longer than some other weeks), but it is also the best summary I can find of what some of these differences are and how they matter.
Additionally, read the academic article titled Users are Not the Enemy by Anne Adams and M. Angela Sasse. This article is meant to start us thinking about how to work with users, and how the environment around users can affect their decisions.
For the summary for this week, pick one category of at-risk user that you think is particularly interesting to you, and summarize what you think are the most important cybersecurity concerns for that category of user. What are the most important cybersecurity issues for those users? How might those users’ concerns be different than the “average” user? Table II on page 5 of the at-risk user paper contains a really good list of “user populations” that you can pick from, though you are also welcome to pick a class of user not listed on that table if you like. The paper should help you think about this question.