ABSTRACT
Trust is an adaptation to an uncertain, risky situation; humans apply trust to make decisions and minimize risk. Cybersecurity occurs in a context characterized by high risk, uncertainty, time pressure, and an almost inconceivable number of agents potentially affecting the security of a network. While human–computer interaction (HCI) in cybersecurity applies to an operator and a computer, interactions among members of a team, or between an individual and an attacker, also affect security outcomes. The chapter offers several examples to distinguish cybersecurity, in its size and complexity, from other domains of interest to HCI. Methods traditionally used to understand less complex interactions, such as a heuristic evaluation of an application, are still used in cybersecurity domains. Trust reflects a relationship between an entity doing the trusting and the entity being trusted. Normative and descriptive models of decision-making show that humans are rational information processors willing and able to shortcut this process when some uncertainty is difficult or impossible to resolve.
