Shirley Gaw will present her preFPO on Thursday February 15 at 4:30PM in Room 302 (note room). The members of her committee are Ed Felten, advisor; Paul Dourish (UC Irvine) and Brian Kernighan, readers; Perry Cook and Olga Troyanskaya, non-readers. Everyone is invited to attend her talk. Her abstract follows below. ------------------------------------- Human factors are considered one of the "weakest links" in computer security. That is, there is a gap between the theoretical security of a system and the practical security of a system. My thesis addresses this gap by understanding how users observe or avoid secure practices. The central argument of my thesis is that a sociological approach to computer security is a missing but necessary foundation for addressing the "weakest link" in secure systems. While we may have intuitions about human behavior, simplistic models of users fail to capture the underlying complexity of their practices in real situations, including both their adoption of security technologies and their implementation of security policies. I will illustrate this by discussing results from three studies investigating the human side of computer security: use of encrypted e-mail in an activist organization, password management practices of undergraduates, and privacy concerns of knowledge workers. Finally, I will discuss how results from sociological approaches can inspire design for novel systems. We are working on using the results from the encrypted e-mail study to design a communication system where interaction relies on implicit cues of user involvement and trust built over time.