Your search keyword '"Pieters, Wolter (author)"' showing total 4 results

1. Bias and noise in security risk assessments, an empirical study on the information position and confidence of security professionals

Author

de Wit, J.J. (author), Pieters, Wolter (author), van Gelder, P.H.A.J.M. (author), de Wit, J.J. (author), Pieters, Wolter (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Professionals working in both the physical and cybersecurity domain need to assess and evaluate security risks. As information on risks in general and security risks in particular is often imperfect and intractable, these professionals are facing a challenge in judging both likelihood and consequences, but how much do their existing psychological biases play a role in these judgments? In this paper, we present new empirical evidence on the perception of the information position and confidence levels of security professionals, the influence of detailed information and the conjunction fallacy, and the level of noise in security assessments. This paper adds to the literature by examining, for the first time, risk assessments by professionals in realistic, real life, security cases. The results show clear indications for overconfidence, comparative ignorance, influence of the conjunction fallacy, and influence of individual experience on security decision making in the professional security domain. The observed phenomena might have far reaching effects on security risk management in organizations and society., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Safety and Security Science

Published

2023

2. Security at the End of the Tunnel: The Anatomy of VPN Mental Models Among Experts and Non-Experts in a Corporate Context

Author

Binkhorst, V.F. (author), Fiebig, T. (author), Krombholz, Katharina (author), Pieters, Wolter (author), Labunets, K. (author), Binkhorst, V.F. (author), Fiebig, T. (author), Krombholz, Katharina (author), Pieters, Wolter (author), and Labunets, K. (author)

Abstract

With the worldwide COVID-19 pandemic in 2020 and 2021 necessitating working from home, corporate Virtual Private Networks (VPNs) have become an important item securing the continued operation of companies around the globe. However, due to their different use case, corporate VPNs and how users interact with them differ from public VPNs, which are now commonly used by end-users. In this paper, we present a first explorative study of eleven experts' and seven non-experts' mental models in the context of corporate VPNs. We find a partial alignment of these models in the high-level technical understanding while diverging in important parameters of how, when, and why VPNs are being used. While, in general, experts have a deeper technical understanding of VPN technology, we also observe that even they sometimes hold false beliefs on security aspects of VPNs. In summary, we show that the mental models of corporate VPNs differ from those for related security technology, e.g., HTTPS. Our findings allow us to draft recommendations for practitioners to encourage a secure use of VPN technology (through training interventions, better communication, and system design changes in terms of device management). Furthermore, we identify avenues for future research, e.g., into experts' knowledge and balancing privacy and security between system operators and users., Information and Communication Technology

Published

2022

3. Biases in security risk management: Do security professionals follow prospect theory in their decisions?

Author

de Wit, J.J. (author), Pieters, Wolter (author), Jansen, S.J.T. (author), van Gelder, P.H.A.J.M. (author), de Wit, J.J. (author), Pieters, Wolter (author), Jansen, S.J.T. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Security professionals play a decisive role in security risk decision making, with important implications for security in organisations and society. Because of this subjective input in security understanding possible biases in this process is paramount. In this paper, well known biases as observed and described in prospect theory are studied in individual security risk decision making by security professionals. To this end, we distributed a questionnaire among security professionals including both original dilemmas from prospect theory and dilemmas adapted to the context of incident prevention. It was hypothesised that security professionals dealing with risks and decision making under risk on an almost daily basis would or should be less vulnerable to decision biases involving risks, in particular when framed in terms of incident prevention. The results show that security professionals are vulnerable to decision biases at the same scale as lay people, but some biases are weaker when decision problems are framed in terms of security as opposed to monetary gains and losses. Of the individual characteristics defining experience, only the general education level observably affects vulnerability for biases in security decision making in this study. A higher general education level leads to a significantly higher vulnerability to decision biases. By highlighting the vulnerability of security professionals to decision biases, this study contributes essential awareness and knowledge for improved decision making, for example by different representation of probabilities and uncertainty., Safety and Security Science, Housing Systems

Published

2021

4. Biases in security risk management: Do security professionals follow prospect theory in their decisions?

Author

de Wit, J.J. (author), Pieters, Wolter (author), Jansen, S.J.T. (author), van Gelder, P.H.A.J.M. (author), de Wit, J.J. (author), Pieters, Wolter (author), Jansen, S.J.T. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Security professionals play a decisive role in security risk decision making, with important implications for security in organisations and society. Because of this subjective input in security understanding possible biases in this process is paramount. In this paper, well known biases as observed and described in prospect theory are studied in individual security risk decision making by security professionals. To this end, we distributed a questionnaire among security professionals including both original dilemmas from prospect theory and dilemmas adapted to the context of incident prevention. It was hypothesised that security professionals dealing with risks and decision making under risk on an almost daily basis would or should be less vulnerable to decision biases involving risks, in particular when framed in terms of incident prevention. The results show that security professionals are vulnerable to decision biases at the same scale as lay people, but some biases are weaker when decision problems are framed in terms of security as opposed to monetary gains and losses. Of the individual characteristics defining experience, only the general education level observably affects vulnerability for biases in security decision making in this study. A higher general education level leads to a significantly higher vulnerability to decision biases. By highlighting the vulnerability of security professionals to decision biases, this study contributes essential awareness and knowledge for improved decision making, for example by different representation of probabilities and uncertainty., Safety and Security Science, Housing Systems

Published

2021