The "human agent" is at the center of all security systems. According to
IBM, 95 percent of all security incidents involve human error.  One can
assume that human factors should be one of the main areas utilized to
educate future security experts. Developing an understanding of human
behavior must become a focal area for future experts from both a human
computer interaction point of view and a pure human factors perspective.
A quick look at 25 educational programs  in the cyber security area
reveals that the educational programs are only offered to postgraduates in
the U.S. Most of the offered programs are within the Eastern U.S.
Looking at the courses offered in this area reveals no base standard for the
content of programs. Among 70 topics identified only the following are
offered by multiple institutions: Forensics (12), Cryptography (8),
Information Assurance (9), Information Security (10), Information Technology
(6), Network Security (10) and Security Management (4).
It is interesting to observe that among these entire programs only one
institution offers a course on "Human Factors and Managing Risk" (Norwich
University Online). Even this course is still not a full human factors
Many private enterprises seem to hire their security analysts from fields
like psychology and the social sciences due to a lack of resources invested
in the study of cyber security. This only emphasizes a crucial need for
courses in human factors and cyber security not only to be offered more
widely as graduate programs but also offered within undergraduate programs.
In this area I believe the AHFEI by organizing the "2nd International
Conference on Human Factors in Cybersecurity" has an important role to play
in promoting awareness and communicating the importance of incorporating
human factors within our educational programs.
Abbas Moallem, Ph.D.
Published AHFEI NEWS, FEb 2016