On June 20, our two-week training started at Saarland University in Saarbrücken. Within two weeks, speakers from different partner universities and institutions presented different topics around psychology and cybersecurity in order to develop a first draft of a Human Factor course at the end of the two weeks, which will be piloted at our partner universities in Pakistan.

After a welcome by the Vice President of the University, Prof. Dr. Cornelius König and the project leader Dr. Nida Bajwa, Niklas George (Saarland University, Department of Industrial and Organizational Psychology) started to give the participants an introduction into different topics of psychology on the first day. By introducing phenomena of general psychology, social psychology, biological psychology, but also differential psychology, the participants should get a first preview of what was waiting for them during the week.

The second day of our first project week started with a short insight into psychological methodology by Richard Bergs (Saarland University, Department of Industrial and Organizational Psychology). In the second half of the day, Dr. Zeynep Uludağ (Ardahan University) gave a talk on risk perception and communication in cybersecurity, focusing the presentation on cognitive biases according to Amos Tversky and Daniel Kahneman.

On Wednesday, Prof. Dr. Sahar Nadeem (Institute of Business Administration Karachi) an expert in memory processes, spoke about cyber hygiene and the utility of passwords, linking the creation of secure passwords to memory processes such as chunking. For the rest of the day, Dr. Zeynep Uludağ gave a talk titled „System misuse and user misbehavior“, in which she introduced how we actually make decisions and why people, especially in the context of cyber security, also make wrong decisions that ultimately lead to mistakes. In particular, the different forms of use of systems (such as misuse, non-use, but also misuse) were part of the presentation.

On the fourth day of the two-week training, Stefan Kenst (Saarland University, Department of Industrial and Organizational Psychology) introduced the different forms of privacy and highlighted the topic of privacy with a psychological perspective. For the second part of the day, Usama Waheed (Lahore University of Management Sciences) was joined by zoom, a renowned expert on the psychological background processes of social media.

The last day of our project week was organized by a small group of psychology students. The students are currently doing their master’s degree in psychology and developed content on social engineering processes as part of a seminar with Dr. Bajwa. As a final part of the seminar, they presented different types of social engineering attacks to the training participants by letting the participants perceive for themselves how a social engineering attack occurs in the real world during the presentation. The final part of the last day was a short presentation by Richard Bergs, who talked about the psychological concept of trust in the interaction of people and systems.

After the many new impressions and exciting content, the group decided to travel to Heidelberg on Saturday. Heidelberg is located about 130 kilometers from Saarbrücken and can be reached in about two hours by train. Along the so-called „Philosophenweg“ (Philosophers‘ Path), we explored the former royal residence city from above and took a break while enjoying a beautiful view over the picturesque old town of Heidelberg. Finally, we hiked to Heidelberg Castle, which is mentioned in writings as early as the 12th century, has served as a motif and source of inspiration for paintings and poems over the past centuries, and is considered one of the oldest as well as most famous landmarks in Germany. We ended the day of the excursion with a joint dinner in Heidelberg’s city center.

The ReCyP:HER group over Heidelberg, with Heidelberg Castle in the background

The second week began with a presentation by Dr. Verena Distler at the University of Luxembourg. Dr. Distler spoke about studies focusing on human-computer interactions (HCI) and initiated an exciting exchange about the future of human-centered cybersecurity research. After lunch, the group explored the capital of the Grand Duchy, stopping at the Court of Justice of the European Union, among other locations, before touring the historic Old Town under the guidance of Dr. Bajwa.

Prof. Dr. Bilgin (Boğaziçi University) in front of the Université du Luxembourg
View over a clouded Luxembourg

On the following Tuesday, Niklas George started with a presentation on so-called nudging, the psychological process of getting users (or people in general) to change behavior. In the afternoon, we again had Matthias Fassl (CISPA – Helmholtz Center for Information Security) who mainly talked about ethical foundations in cybersecurity research and presented current study results of his research group.

Wednesday started with a presentation on psychological methodology. After Richard Bergs had given a short overview of psychology as a science in the first week, Dr. Rudolf Siegel as well as Rafael Mrowczynski (both CISPA – Helmholtz Center for Information Security) talked about higher statistical methods, but also gave an insight into qualitative research methods, which are more widely used in cybersecurity research. Johanna Gathen (Saarland University, Department of Industrial and Organizational Psychology) concluded the training day by presenting on user education and training.

The last two days of the training were primarily used to develop a first draft of a possible Human Factor course that will be implemented at the Pakistani universities. Dr. Bajwa recapped the findings of the last few days and, at the request of many participants, spoke about WEIRDness in psychological research. WEIRD is an acronym that describes the groups of people who are particularly likely to be subjects in psychological studies, namely people from backgrounds that are western, educated, industrialized, rich, and democratic. Dr. Bajwa presented efforts in research to break with this paradigm and showed movements to improve research in this direction. Last but not least, it is this cultural exchange of the participants in this project that contributes to making research more generalizable.

The group used the rest of the day for discussions about the previous content. Finally, questions arose which topics of this training could be implemented in a Human Factor course, what the focus of such a course should be, but also what content would need to be taught in order to give students an all-round view of the topic of Human Factor. The group agreed on several topics that corresponded closely to a recommendation issued by the Association for Computing Machinery (ACM), but modified this curriculum recommendation by adding topics. Finally, it was decided to review the individual contents of the training and to exchange findings in another online meeting.

Overall, the two-week training was a complete success. All project partners confirmed that they had gained a lot for themselves in the course of the last two weeks and that they had taken away new impressions, ideas and inspiration from it.

Saarland University would like to thank all participating project partners for the intensive and enriching intellectual exchange, participation and interest, whether on-site or remote.

Kategorien: Cybersecurity