The “human agent” is at the center of all security systems. According to IBM, 95 percent of all security incidents involve human error.  One can assume that human factors should be one of the main areas utilized to educate future security experts. Developing an understanding of human behavior must become a focal area for future experts from both a human computer interaction point of view and a pure human factors perspective.
A quick look at 25 educational programs  in the cyber security area reveals that the educational programs are only offered to postgraduates in the U.S. Most of the offered programs are within the Eastern U.S.
Looking at the courses offered in this area reveals no base standard for the content of programs. Among 70 topics identified only the following are offered by multiple institutions: Forensics (12), Cryptography (8), Information Assurance (9), Information Security (10), Information Technology (6), Network Security (10) and Security Management (4).
It is interesting to observe that among these entire programs only one institution offers a course on “Human Factors and Managing Risk” (Norwich University Online). Even this course is still not a full human factors course.
Many private enterprises seem to hire their security analysts from fields like psychology and the social sciences due to a lack of resources invested in the study of cyber security. This only emphasizes a crucial need for courses in human factors and cyber security not only to be offered more widely as graduate programs but also offered within undergraduate programs.
In this area I believe the AHFEI by organizing the “2nd International Conference on Human Factors in Cybersecurity” has an important role to play in promoting awareness and communicating the importance of incorporating human factors within our educational programs.
Abbas Moallem, Ph.D.
Published AHFEI NEWS, FEb 2016