Human Factors in Cyber Security: A Review for Research & Education
P. Vigneswara Ilavarasan, PhD

Presentation transcript:


Agenda
The context
Causes
Basis
Review of field
– Selection
– Analysis
– Future directions


App & Airlines


Causes
Accidental or non-deliberate causes
Deliberate causes

Risk Perception
Perception of risk ---> behavioural decisions.
Influenced by
– Availability Heuristic, Optimism Bias, Level of control, level of knowledge, Risk Compensation, Cumulative Risks, Influence of familiarity, Influence of framing, Personality & Cognitive style, Influence of social factors
Insiders’ threat
– Extension of OB studies

Mitigation
– Inputs for training?
– Enforce baseline security policies and procedures
– Extend traditional policy and guidance
– Conduct ongoing personnel checks
– Implement focused risk assessments
– Training for awareness & behavioural change

Basis?
Evidence-based approach?
– School of medicine
– Public policy
– Can be extended for curriculum design

Source of Attack EY (2015) Respondents, 60 countries, 25 sectors, June

Changing Behaviour
Symantec (2015). Internet Security Threat Report

The Need
“more robust evidence-based cyber security policy making is needed, an area which is generally not covered by cyber security strategies” (OECD, 2012)

Looking for evidence
Search
– keywords
– Academic databases
From 2010
Non-technical content
Empirical papers
42 papers
Inputs for training / Education?

The field
Perceptual data studies
– Mix of Quanti. & Quali. studies
– Experts as respondents
– Self reporting data / Survey
Security Perception & behavior studies
– Awareness
– knowledge & consequences
– Intention
– Password
– Creation & sharing behavior
– Low
– Cyber crime experiences (Mostly phishing s!)
Adequate insights for employees’ & users’ training
– Taxonomy

Gaps
Need for causal studies of users / victims
– Not causally linked to loss
Social factors as differentiators
– Missing
– Gender, Age, Education, Class
Device Contexts
– Mobile devices
Differing information eco system
– Impact of network externalities

Future directions
Human factors in Cyber Security
– Inputs for policy making
Scope for filling the gaps
Compete with technologists
Computer scientists as advisors
Challenging methodologies
– Beyond survey

Q & A?

Thank you!

Taxonomy…… Stanton et al. (2005)