Want to understand how we incorporate behavior science and cyber security? Download the presentation we gave to the Center for Medicare and Medicaid Services’ Security Control Oversight & Update Training (CSCOUT) conference in August, 2015.
20 tips for information security around human factors and human errorToru Nakata
Most of information leakage are caused by human errors of employee not by the outsiders. Here are some key tips to protect the information security with keeping efficiency of business.
Dr. Hend Ezzeddinne, Cyber Security Practice Director for Expressworks, gave this talk at Austin Bsides conference in March. Folks there were quick to acknowledge that technology is not enough. Hackers are targeting human brains. Hend's talk provides insights into what can be done to help users and companies be more cyber resilient.
Josh Dean, OPSWAT's Director of IT, recently created a slide deck providing users a brief overview of network security then and now, along with simple steps they can take to protect essential data and maintain the security their network. Feel free to share within your organization, and contact us if you have any questions!
The need for effective information security awareness practices.CAS
Introduction
Internet usage in Oman
IT Security incidents in Oman
Proposed work
Key findings
Effective usage
Organization network awareness
Threat awareness
Password management
Content awareness
Security practices awareness
ITSACAS Approach
Conclusion
Want to understand how we incorporate behavior science and cyber security? Download the presentation we gave to the Center for Medicare and Medicaid Services’ Security Control Oversight & Update Training (CSCOUT) conference in August, 2015.
20 tips for information security around human factors and human errorToru Nakata
Most of information leakage are caused by human errors of employee not by the outsiders. Here are some key tips to protect the information security with keeping efficiency of business.
Dr. Hend Ezzeddinne, Cyber Security Practice Director for Expressworks, gave this talk at Austin Bsides conference in March. Folks there were quick to acknowledge that technology is not enough. Hackers are targeting human brains. Hend's talk provides insights into what can be done to help users and companies be more cyber resilient.
Josh Dean, OPSWAT's Director of IT, recently created a slide deck providing users a brief overview of network security then and now, along with simple steps they can take to protect essential data and maintain the security their network. Feel free to share within your organization, and contact us if you have any questions!
The need for effective information security awareness practices.CAS
Introduction
Internet usage in Oman
IT Security incidents in Oman
Proposed work
Key findings
Effective usage
Organization network awareness
Threat awareness
Password management
Content awareness
Security practices awareness
ITSACAS Approach
Conclusion
Five things I learned about information securityMajor Hayden
I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.
Let your team understand the importance of Computer security with the assistance of our Cyber Security PowerPoint Presentation Deck. In today’s time, it is quite essential to pay attention towards the protection of computer systems from theft or damage as there is a every chance of your data being accessed by someone else. Our creative designing team has crafted this PPT Deck with 17 slides for you to share the information related to IT security. Although there are cyber security standards available but still there are people in the market who try to capture your data to either use it for their own purpose or sell it to some other organization. This presentation deck enables you to highlight the information related to cyber attacks that can create concerns such as backdoor, direct-access attacks, eavesdropping, phishing, spoofing, tampering etc. By taking certain security measures you can protect your data. Cyber Security standards attempt to protect the cyber environment of a user or an organization. The PowerPoint deck contains some slides which include information related to tips, initiatives, step to ensure that your data is protected at every step. So, download it and take precautionary steps to secure your IT system. Cater for crazy cravings with our Cybersecurity Powerpoint Presentation Slides. Find a harmless way to fulfill deep desires. https://bit.ly/3Aw6JrQ
For the second year in a row, David Monahan, security expert and research director at leading IT analyst firm Enterprise Management Associates (EMA), has delved into the world of security awareness and policy training. His latest research on this topic - with over 600 participating respondents - revealed that a tremendous shift in awareness training programs has taken place, especially across the previously underserved SMB space.
Employee Awareness in Cyber Security - KloudlearnKloudLearn
The goal of employee awareness in cybersecurity is to make employees aware of the procedures, policies, guidelines, and practices for configuring, managing, and executing cybersecurity in the organization.
State of Cyber: Views from an Industry InsiderBen Johnson
In order to understand how we might improve our defenses and our contributions to cyber safety, we must understand the power of the dark side. We look at some headline making hacks and call it some interesting aspects of those, then we shift to what can we all do for better cybersecurity and digital presence.
The complete guide on how to prevent an IT security breach.
Some of the tips include:
♦ Why keeping a clean desk matters
♦ How to avoid email threats, including five ways to block phishing attack
♦ How your employees can secure their mobile devices
♦ Website browsing best practices.
Dell balances protection, compliance and enablement to deter cyber attackers without disrupting business productivity. Find out more: http://del.ly/eD9Cjd
Brad Andrews, CEO, RBA Communications
Evaluating DREAD – Applying D.R.E.A.D. to the results of STRIDE.
This session is a continuation of Parts 1 and 2 and will apply the DREAD model to the threats we found in the previous session. We will start by discussing the elements of the DREAD model that is often used to evaluate risks to systems that are identified in threat modeling. These are Damage, Reproducibility, Exploitability, Affected Users, Discoverability. We will then work through the threats found in the previous session. This will continue the focus on Amazon.com and go to other systems if time is available. This session will expect those present to be involved in finding and suggesting values for each of the DREAD elements as they apply to the covered risks.
Why care about secure web apps?
- 7 out of 10 web apps were vulnerable to the use of a hyperlink with a malicious code embedded to it
- 1 in 3 web apps aided hackers through information leakage: when a website unintentionally or unknowingly reveals sensitive information such as error messages or developer comments.
With Web 2.0 technologies and other development platforms, applications are becoming increasingly powerful and complex
Since Kevin Mitnick coined the phrase in 2002, the cybersecurity industry has been awash with the phrase 'the human factor is the weakest link’. From vendors to researchers, engineers, hackers, and journalists, we are all fond of blaming the ‘dumb users’. In this talk I argue that when we say that the ‘human being is the weakest link in cybersecurity’, not only are we telling a lie, we are inevitably setting ourselves up for a fall.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
Five things I learned about information securityMajor Hayden
I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.
Let your team understand the importance of Computer security with the assistance of our Cyber Security PowerPoint Presentation Deck. In today’s time, it is quite essential to pay attention towards the protection of computer systems from theft or damage as there is a every chance of your data being accessed by someone else. Our creative designing team has crafted this PPT Deck with 17 slides for you to share the information related to IT security. Although there are cyber security standards available but still there are people in the market who try to capture your data to either use it for their own purpose or sell it to some other organization. This presentation deck enables you to highlight the information related to cyber attacks that can create concerns such as backdoor, direct-access attacks, eavesdropping, phishing, spoofing, tampering etc. By taking certain security measures you can protect your data. Cyber Security standards attempt to protect the cyber environment of a user or an organization. The PowerPoint deck contains some slides which include information related to tips, initiatives, step to ensure that your data is protected at every step. So, download it and take precautionary steps to secure your IT system. Cater for crazy cravings with our Cybersecurity Powerpoint Presentation Slides. Find a harmless way to fulfill deep desires. https://bit.ly/3Aw6JrQ
For the second year in a row, David Monahan, security expert and research director at leading IT analyst firm Enterprise Management Associates (EMA), has delved into the world of security awareness and policy training. His latest research on this topic - with over 600 participating respondents - revealed that a tremendous shift in awareness training programs has taken place, especially across the previously underserved SMB space.
Employee Awareness in Cyber Security - KloudlearnKloudLearn
The goal of employee awareness in cybersecurity is to make employees aware of the procedures, policies, guidelines, and practices for configuring, managing, and executing cybersecurity in the organization.
State of Cyber: Views from an Industry InsiderBen Johnson
In order to understand how we might improve our defenses and our contributions to cyber safety, we must understand the power of the dark side. We look at some headline making hacks and call it some interesting aspects of those, then we shift to what can we all do for better cybersecurity and digital presence.
The complete guide on how to prevent an IT security breach.
Some of the tips include:
♦ Why keeping a clean desk matters
♦ How to avoid email threats, including five ways to block phishing attack
♦ How your employees can secure their mobile devices
♦ Website browsing best practices.
Dell balances protection, compliance and enablement to deter cyber attackers without disrupting business productivity. Find out more: http://del.ly/eD9Cjd
Brad Andrews, CEO, RBA Communications
Evaluating DREAD – Applying D.R.E.A.D. to the results of STRIDE.
This session is a continuation of Parts 1 and 2 and will apply the DREAD model to the threats we found in the previous session. We will start by discussing the elements of the DREAD model that is often used to evaluate risks to systems that are identified in threat modeling. These are Damage, Reproducibility, Exploitability, Affected Users, Discoverability. We will then work through the threats found in the previous session. This will continue the focus on Amazon.com and go to other systems if time is available. This session will expect those present to be involved in finding and suggesting values for each of the DREAD elements as they apply to the covered risks.
Why care about secure web apps?
- 7 out of 10 web apps were vulnerable to the use of a hyperlink with a malicious code embedded to it
- 1 in 3 web apps aided hackers through information leakage: when a website unintentionally or unknowingly reveals sensitive information such as error messages or developer comments.
With Web 2.0 technologies and other development platforms, applications are becoming increasingly powerful and complex
Since Kevin Mitnick coined the phrase in 2002, the cybersecurity industry has been awash with the phrase 'the human factor is the weakest link’. From vendors to researchers, engineers, hackers, and journalists, we are all fond of blaming the ‘dumb users’. In this talk I argue that when we say that the ‘human being is the weakest link in cybersecurity’, not only are we telling a lie, we are inevitably setting ourselves up for a fall.
SYSTEM END-USER ACTIONS AS A THREAT TO INFORMATION SYSTEM SECURITYIJNSA Journal
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
System Dynamics Based Insider Threats ModelingIJNSA Journal
Insider threat has been recognized as one of the most dangerous security threats and become a much more complex issue. Insider threat is resulted from the legitimate users abusing their privileges and cause tremendous damage or losses. Not always being friends, insiders can be main threats to the organization. Currently, there is no equivalent prevention solution for insider threat to an intrution prevention system or vulnerability scanner. From the survey of literature of insider threat studies, we conclude that the system dynamics (SD) is an effective tool to analyze the root causes of insider threat incidents and evaluate mitigation strategies from people, process, and technology perspectives. A generized case based SD model can be tailored and applied to analyze and evaluate specific insider threat incidents. We
present a well known insider threat incident of Taiwan and tailor the generized case based SD model to analyze it. The simulation results indicate that the risk of insider threats can be reduced and the probability of detecting insider threats can be increased.
Investigating Tertiary Students’ Perceptions on Internet SecurityITIIIndustries
Internet security threats have grown from just simple viruses to various forms of computer hacking, scams, impersonation, cyber bullying, and spyware. The Internet has great influence on most people. It has profound influence and one can spend endless hours on internet activities. In particular, youth engage in more online activities than any other age group. Excessive internet usage is an emerging threat that has negative impacts on these youth; hence it is vital to investigate youths' online behavior. This work studies tertiary students’ risk awareness, and provides some findings that allow us to understand their knowledge on risks and their behavior towards online activities. It reveals several important online issues amongst tertiary students; Firstly, the lack of online security awareness; second, a lack of awareness and information about the dangers of rootkits, internet cookies and spyware; thirdly, female students are more unflinching than male students when commenting on social networking sites; fourthly, students are cautious only when obvious security warnings are present; and finally, their usage of internet hotspots is common without fully understanding its associated danger. These findings enable us to recommend types of internet security habits and safety practices that students should adopt in future when they are exposed to online activities. A more holistic approach was considered which aims to minimize any future risks and dangers with online activities involving students.
Information Security Management in University Campus Using Cognitive SecurityCSCJournals
Nowadays, most universities offer free Internet connections, access to scientific databases, and advanced computer networks for the members of their community, which generates dynamic and complex scenarios. In this context, it is necessary to define proactive security strategies, as well as the integration of technology and research. This work presents a general vision of the experience adopted by the universities in the field of information security management using cognitive security.
Running Head: INFORMATION SECURITY VULNERABILITY 2
Information Security Vulnerability
Introduction
The most important part of any business or organization information is the security infrastructure. All information big or small, sensitive or insensitive must be protected by some degree of information security. "Navigating the multitude of existing security standards, including dedicated standards for information security and frameworks for controlling the implementation of IT, presents a challenge to organizations. Adding to the challenge is the increase in activities of terrorist groups and organized criminal syndicates” (Sipior & Ward, 2008).
Threats and Vulnerabilities
Threats and vulnerabilities are a common occurrence in regards to computer security. Computer networks that are flawed and weak are vulnerable to be exploited. The exploitation of computer networks can be done by terrorist, hackers, and an organizations or business on employee. "Inexperience, improper training, and the making of incorrect assumptions are just a few things that can cause these misadventures" (Whitman & Mattord, 2009, p. 42).
Problem Statement:
What is the protocol if an organization or business most critical information is leaked or hacked that can cause grave damage to an organization, business, or customers account information? What would be the financial situation to recover from such attack with the network? The following questions are a few questions that top management must have in information security policies.
It is most likely that any organization or business profits would decrease and the reputation of each would change. With that comes the legality responsibility of the organization or business. Owning up to a security breach within an organization or business can be detrimental to the overall health of finances throughout the organization or business as well as notifying all parties involved in the breach. Having coverage such as insurance to protect the organization or business is a must and also a great deal to protect the reputation, assets, and continue functioning overall. "Although every state breach notification law covers businesses, there are differences regarding coverage of other entities such as government agencies and third-party storage providers, as well as differences regarding the information each law defines as 'personal'" (Shaw, 2010).
Relevance and Significance:
There will always be some type of glitch with in a computer network that may deter the system from being fully secured unless the computer is not being used. Information security program goals is to deliver a level of security platforms that supports the organization or business security infrastructure at its best by meeting all requirements set forth through the policy and controls and keeping the bad guys out.
Key Concepts
Confidentiality, integrity, and availability are the largest threats of sensitive information. The need to know must be .
Running Head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY .docxhealdkathaleen
Running Head: ANNOTATED BIBLIOGRAPHY
ANNOTATED BIBLIOGRAPHY 6
Annotated Bibliography on Emerging Cyber Threats
[Name of Institution]
[Name of Writer]
Annotated Bibliography on Emerging Cyber Threats
Source#1
Reference: Kettani, H., & Wainwright, P. (2019, March). On the Top Threats to Cyber Systems. In 2019 IEEE 2nd International Conference on Information and Computer Technologies (ICICT) (pp. 175-179). IEEE.
Summary: This article reveals the threats to the cyber systems even some of them are not known to the common people. The article defines that the latest technology has advanced the cyber systems and these advancements are attractive and beneficial in comparison to the previous systems. However, due to this sophisticated and attractive advancement the individuals, societies, and nations had become dependent on the cyber systems. These systems result in the higher gain and ease of handling since people had relying on the cyber systems. Moreover, the author argues that for the adoption of the proper defense and mitigations to the threats it is necessary to understand cyber threats. The top threats with a brief discussion of threat agents and attack vectors along with the countermeasures are mentioned so that the readers can find knowledge in this regard.
Relevance: This article is of paramount importance because it defines the importance of the topic of research. As the aim of the research is to expose the emerging cyber-attacks and the author of the article “On the Top Threats to Cyber Systems” reveals the importance of the cyber systems which is important for understanding the dependence over the cyber systems. In addition to this, the article is found worth reading because it reveals the emerging cybercrimes and ways of protection too. The study is found relevant because it reveals that cyber systems are important nowadays because they are used in the business systems, control systems, and for accessing the control systems. In other words, the articles provide an overview of the emerging threats and latest trends in the cyber systems.
Source#2
Reference: Parn, E. A., & Edwards, D. (2019). Cyber threats confronting the digital built environment. Engineering, Construction and Architectural Management.
Summary: This article determines the cyber systems attack in the sector of the digital built environment. The study gives the idea of emerging crimes that are made to threat the digital and physical assets that are used to form the digital economies. These threats are often made to affect the critical infrastructure of the smart cities. These smart cities are comprised of the cyber systems which also increase the national wealth, preserve health, and provide safety and welfare to the nation. In this regard, it is important to protect the cyber systems from the critical and emerging threats. Additionally, the article reveals the safe an ...
Cyber attack awareness and prevention in network securityIJICTJOURNAL
This article aims to provide an overview of cyber attack awareness and prevention in network security. This article discussed the different types of cyber attacks, current trends of cyber attacks, how to prevent cyber attacks and uum students' awareness of cyber attacks. First, we will go over the different types of cyber attack, current trend, impact of cyber attack and the prevention. The approach entailed comparing and observing the outcomes of 13 different papers. The survey's findings would demonstrate the results obtained after analyzing the data collection which are the questionnaire filled out by respondents after watching the cyber attack awareness video to improve awareness of students through the cyber attack. Depending on the outcome of this survey, we will have a better understanding of current students' knowledge and awareness of cyber attacks, allowing us to improve students' understanding of cyber threats and the necessity of cyber security.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
2. Computers…
◦ …are logical
◦ …are bad at making informed decisions
◦ …do not make mistakes
◦ …are designed, operated, built and maintained…
◦ … by humans
(Saariluoma 2013, TJTA103 opening lecture)
3. Humans can be…
◦ …unskilled
◦ …taking unnecessary risks
◦ …careless
◦ …tired, sick, etc.
Humans are needed to make technology work
(Saariluoma 2013, TJTA103 opening lecture)
4. Happens everywhere
◦ and all the time
Email to wrong recipient
Cashier giving too much change
More complexity, bigger impact
◦ UK: disclosed personal information on 25m citizens
◦ Italy: Costa Concordia
◦ Finland: Nokia Water Crisis
5. 3rd most significant threat in 2003(Whitman)
46% of cyber security incidents in UK 2011-
2012(Lee)
Weakest link in the cyber security chain
Whitman, M. E. (2003). Enemy at the gate: threats to information security. Communications of the ACM,
46(8), 91-95.
Lee, M. G. (2012, October). Securing the human to protect the system: Human factors in cyber security. In
System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on (pp.
1-5). IET.
6. Google Scholar, IEEEXplore, sciencedirect
◦ ”Cyber Security Human Error”
◦ ”Cyber Security Human Factor”
◦ ”Usable Security”
◦ ”Cyber Security Usability”
◦ Years 2010-2016
Forward searching from articles found or read
before
7. Toward Automated Reduction of Human Errors based on
Cognitive Analysis (Miyamoto, D. & Takahashi, T. 2013)
Securing the Human to Protect the System: Human Factors
in Cyber Security (Lee, M.G. 2012)
Measuring the Human Factor of Cyber Security (Bowen et
al. 2011)
Alice in Warningland: A Large-Scale Field Study of Browser
Security Warning Effectiveness (Akhawe, D. & Felt, A. P.
2013)
Guidelines for Usable Cybersecurity: Past and Present
(Nurse et al. 2011)
8. Framework to gather data to understand
human error
Less biased than questionnaires
Cognitive psychology
◦ Monitor eye movement and facial skin temperature
when performing tasks
10. Training system to prevent phishing
Generates phishing emails and tracks the
success rate
In test group(2000 university students and
staff) no successful phishing attempts after 4
iterations
11. Study on browser warning messages
Sample of ~25m interactions
Malware warnings
◦ 7.2% Firefox, 23.2% Chrome
Good design can increase security
12. Too complex security systems might lead to
weakened security
19 design guidelines for better usability
Usability and Security do not have to be seen
as competing system goals
13. Security is rarely primary task
Not everyone is a security specialist
◦ And also the experts make errors
Human error is significant threat to
information security...
...but it can be mitigated to some extent by
design and training
14. ”Companies spend millions of dollars on
firewalls and secure access devices, and it’s
money wasted because none of these
measures address the weakest link in the
security chain: the people who use,
administer and operate computer systems”
-Kevin Mitnick