MGT 329 - DBMS Overview

Academic Perspectives on Cybersecurity Victimization and Research
Stephen Burd
UNM Information Assurance Scholarship for Service Program
UNM Center for Information Assurance Research & Education
Presentation copies available online: http://averia.unm.edu
Last revised: 1/16/20 01:13 PM

Introducing the Players
Arief & Adzmi, Understanding Cybercrime from Its Stakeholders' Perspectives: Part 2 Defenders and Victims, IEEE Security & Privacy, March/April 2015

Victim Characteristics
Arief & Adzmi, Understanding Cybercrime from Its Stakeholders' Perspectives: Part 2 Defenders and Victims, IEEE Security & Privacy, March/April 2015

One Research Thread
Individual phishing victims, focusing on their behavior and cognition
  • Context
      - Who targets them? For what purpose?
      - How are they targeted?
  • What makes them vulnerable?
      - Online and related behaviors
      - Cognitive models and processes
  • How can their vulnerabilities be mitigated?
      - Education and training
      - Designing systems to match cognitive models/processes
      - Technology-assisted risk awareness

A Cognitive Processing Model
M. Metzger, Making Sense of Credibility on the Web: Models for Evaluating Online Information and Recommendations for Future Research, Journal of The American Society for Information Science and Technology, volume 58:13 (2007), pp. 2078-2091.
Dual-processing model of Web site credibility assessment:
  • Dual processing is drawn from research in social psychology
  • Posits two modes of human information processing:
      - Heuristic: quick snap judgement using informal rules/clues
      - Systematic: slower careful analysis with possible follow-up research
  • Choice of processing mode influenced by motivation and ability

Long-Term Research Program
  • Test and validate the model
      - Does it accurately describe user behavior in phishing scenarios?
      - Evidence to date suggests yes
      - Limitations: small sample experiments using undergraduate Guinea Pigs
  • Develop strategies to employ the model in ways that avoid or mitigate individual vulnerability, e.g.,
      - Preprocess content and provide subtle or overt cues to warn of high risk
      - Define a phishing training program based on training supplemented by post-training fake traps
  • Empirically test each strategy and measure the results
      - Build related software, embed in an ordinary browser, do a large sample A/B test and measure successful phishes and their consequences for both groups
      - Run the training/trap program as an A/B test, measure results and compare across groups or over time
      - Is the behavioral impact real? Does it fade?
      - In either case, does systematic processing increase and does that result in fewer adverse phishing outcomes?
  • Strategy development and empirical testing are typically described in a Future Research Directions section of a model testing/validation paper
      - How often are the next steps actually taken?

Academic Motivation for the Research Program
What motivates academic researchers?
  • Promotion/tenure, based on
      - Number/quality of publications
      - Number of mentored research-oriented graduate students
      - Grant $
  • Money
      - Direct compensation, e.g., summer salary
      - Indirect compensation, e.g., equipment and travel funds
      - Grants that cover other research costs, e.g., graduate student salaries, software licenses, survey/experiment costs
  • Prestige
      - Do my colleagues, chair, and dean value what I'm doing?

Research Realities/Impediments
  • Model development and testing is easy to publish
      - Clear line of development from others' work
      - Low cost of experimentation
      - Clear standards of quality; easier to target an A journal
  • Developing ways to put the model into practice
      - This is perceived as a design and engineering task
      - Generally hard to publish until empirically tested
  • Empirically testing
      - Relatively high cost of experimentation
      - Difficult access to real-world data and testing environments
      - Clearance to publish can be tough to obtain
      - Less clear standards of quality combined with shorter-term engineering perspective; harder to target an A journal

Critical Research Impediment: Access to Data and Other Resources
"both chambers are expected to consider a major cybersecurity bill designed to encourage private companies to share data with each other, the Department of Homeland Security and, through the department, ultimately the nation's intelligence agencies. But past efforts have faltered on the issue of liability protection for the firms. Such legislation is desired by the White House, which views information sharing by private industry as critical to detecting and deterring threats."
NY Times, 4/14/2015

Some Recommendations
  • Target an appropriate portion of research funds to the kinds of research that produce practical field-tested results
  • Ask journal editors and editorial boards to more highly value research beyond model testing and validation
  • Provide researchers (and their students) with access to existing data
  • Provide researchers (and their students) with test beds for experimentation

UNM's Human Centric Security Initiative
The Human-Centric Security (HuCS) Initiative is a collaborative effort between
  • UNM's Department of Computer Science
  • Department of Electrical and Computer Engineering
  • Anderson School of Management
  • Sandia National Laboratories
Goals:
  • Establish a problem-driven agenda for cutting-edge, human-centric research
  • Educate the next generation of ethical hackers
  • Facilitate technology transfer to benefit society

UNM Cybersecurity/IA Faculty
  • Rich Brody: Fraud, forensic accounting
  • Stephen Burd: IA education, behavioral modeling
  • Jed Crandall: Privacy, digital forensics, Internet surveillance
  • Michalis Faloutsos: Network security
  • Stephanie Forrest: Biological methods in cybersecurity
  • Greg Heileman: Information security, digital rights management
  • Xin Luo: Behavioral modeling, financial fraud
  • Alex Seazzu: Digital forensics, IA education
