IT Security is often considered to be a technical problem. However, IT Security is about decisions made by humans and should therefore be researched with psychological methods. Technical/Engineering methods are not able to solve security problems. In this talk I will introduce the Institute’s research programme about the Psychology of Security. We are going to research the psychological basics of IT security, including: How do people experience IT security? How are they motivated? How do they learn? Why do people tend to make the same mistakes again and again (Buffer Overflow, anyone?)? What can we do to prevent security incidents? Which curricula should be taught about IT security?
Stefan Schumacher is the Head of the Magdeburger Institut für Sicherheitsforschung and Editor of the Magdeburger Journal zur Sicherheitsforschung. He studied Educational Science and Psychology and is currently managing the research project Psychology of Security. His research interest focusses on Social Engineering, Security Awareness and Qualitative Research about the Perception of Security. He is also an Assistant Lecturer at the University Magdeburg. He has been involved in the Hacker and Open Source Scene (NetBSD) for the last 20 years. He gave more than 140 public talks in the last 10 years at conferences like DeepSec Vienna, DeepIntel, Chaos Communication Congress, Chaos Communication Camp, Chemnitzer Linux-Tage, Datenspuren, LinuxDays Luxembourg, DGI Forum Wittenberg, GUUG FFG, ILA etc. and published several articles and a book on IT and Security Policy. A full list of publications and talks can be downloaded at (http://www.kaishakunin.com/bib/Stefan-Schumacher-Bibliographie-Liste.pdf) (http://www.kaishakunin.com/bib/Stefan-Schumacher-Vortraege.pdf)