HW5

Homework 5

Due a week after the first class at 11:59 pm

Read the assigned articles in D2L. Answer the questions below. The answers must demonstrate that you have substantively engaged with the material and you haven’t simply goggled the question and copy/pasted the answer.

1. What does it mean if your computer has a virus? What about malware? What is the difference?

2. How would you explain sending an email to a non-computer-literate teenager? Why do some spam emails have a sender address that is a person who didn’t send the message?

3. Consider your own mental models. Think back to your first encounters with an IT system. What was your mental model of the entities involved? Can you think of any ways in which that mental model oversimplified the state of the world? How has your mental model of your interactions with IT systems evolved over time?  

4. Where does the idea of a medical model of cybersecurity come from?

5. Wash (2010) discusses folk models of computer security. In his paper he mentioned models of hackers and break-ins. Choose one of the characterizations of hackers and explain a way that the characterization might cause lapses in good cyber security practices, and by contrast, ways the characterization might encourage good cyber security practices.  

6. How can a person who has a medical model of security communicate with someone who has a criminal model of security?

7. How can a security team communicate with a user base that has a set of mental models about security? Should they try to change the mental models that people have, or should they try to fit their message to what people already believe?

8. Shared mental models can lead to better team performance, but only if teams share information in areas of expertise that do not overlap. Discuss examples of situations in which cybersecurity experts might have to work with professionals with different areas of expertise. What might be areas of overlap of their mental model of cybersecurity? What are some ways they can use share information to ensure they can work together effectively?

9. What are the commonalities between the five different mindsets in cybersecurity? What are the differences? How these are (or are not) addressed in practice?