-
patanjali.purpose
- Legendary Member
- Posts: 784
- Joined: Sun Apr 03, 2011 3:51 am
- Thanked: 114 times
- Followed by:12 members
TO ERR is human, but to foul things up completely takes a computer, or so the old saw goes. Although this may seem a little unfair to computers, a group of cybersecurity experts led by Jim Blythe of the University of Southern California are counting on there being at least some truth in the saying. They have created a system for testing computer-security networks by making computers themselves simulate the sorts of human error that leave networks vulnerable.
Mistakes by users are estimated to be responsible for as many as 60% of breaches of computer security. Repeated warnings about being vigilant, for example, often go unheeded as people fail to recognise the dangers of seemingly innocuous actions such as downloading files. On top of that, some "mistakes" are actually the result of deliberation. Users-both regular staff and members of the information-technology (IT) department, who should know better-often disable security features on their computers, because those features slow things down or make the computer more complicated to use.
Yet according to Dr Blythe, such human factors are often overlooked when security systems are tested. This is partly because it would be impractical to manipulate the behaviour of users in ways that would give meaningful results. He and his colleagues have therefore created a way of testing security systems with computer programs called cognitive agents. These agents' motives and behaviours can be fine-tuned to mess things up with the same aplomb as a real employee. The difference is that what happened can be analysed precisely afterwards.
Each agent represents a run-of-the-mill user, a manager or a member of the IT staff. It is given its own set of beliefs, desires and intentions, along with a job to do and a deadline by which that job must be done. All operations connected with the job are mediated through a standard Microsoft Windows interface that is hooked up to the security system. Agents can also be given group tasks, which in turn may be influenced by their own group dynamics. Put simply, the agents can have friends, shared interests and power relations, and can trust some agents more than others, all of which will affect how quickly they perform the job at hand.
The team plans a full-scale test later this year, but preliminary results, which Dr Blythe will present to the Association for the Advancement of Artificial Intelligence's 25th annual conference in San Francisco on August 9th, look promising. For example, as users fall foul of so-called phishing attacks-giving away sensitive details such as passwords while browsing the internet, or allowing code that corrupts work files to be downloaded-the ability of IT staff to cope with the consequences diminishes as they become increasingly overwhelmed and tired.
Could you pls share your views:
1) What is the purpose of 2nd paragraph?
2) Why did author mention 'Mistakes by users are estimated to be responsible for as many as 60% of breaches of computer security'?
Mistakes by users are estimated to be responsible for as many as 60% of breaches of computer security. Repeated warnings about being vigilant, for example, often go unheeded as people fail to recognise the dangers of seemingly innocuous actions such as downloading files. On top of that, some "mistakes" are actually the result of deliberation. Users-both regular staff and members of the information-technology (IT) department, who should know better-often disable security features on their computers, because those features slow things down or make the computer more complicated to use.
Yet according to Dr Blythe, such human factors are often overlooked when security systems are tested. This is partly because it would be impractical to manipulate the behaviour of users in ways that would give meaningful results. He and his colleagues have therefore created a way of testing security systems with computer programs called cognitive agents. These agents' motives and behaviours can be fine-tuned to mess things up with the same aplomb as a real employee. The difference is that what happened can be analysed precisely afterwards.
Each agent represents a run-of-the-mill user, a manager or a member of the IT staff. It is given its own set of beliefs, desires and intentions, along with a job to do and a deadline by which that job must be done. All operations connected with the job are mediated through a standard Microsoft Windows interface that is hooked up to the security system. Agents can also be given group tasks, which in turn may be influenced by their own group dynamics. Put simply, the agents can have friends, shared interests and power relations, and can trust some agents more than others, all of which will affect how quickly they perform the job at hand.
The team plans a full-scale test later this year, but preliminary results, which Dr Blythe will present to the Association for the Advancement of Artificial Intelligence's 25th annual conference in San Francisco on August 9th, look promising. For example, as users fall foul of so-called phishing attacks-giving away sensitive details such as passwords while browsing the internet, or allowing code that corrupts work files to be downloaded-the ability of IT staff to cope with the consequences diminishes as they become increasingly overwhelmed and tired.
Could you pls share your views:
1) What is the purpose of 2nd paragraph?
2) Why did author mention 'Mistakes by users are estimated to be responsible for as many as 60% of breaches of computer security'?
