Security Incident Response Criteria: A Practitioner's Perspective

Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives

Full Body Interaction beyond Fun: Engaging Museum Visitors in Human-Data Interaction

Engaging museum visitors in data exploration using full-body interaction is still a challenge. In this paper, we explore four strategies for providing entry-points to the interaction: instrumenting the floor; forcing collaboration; implementing multiple body movements to control the same effect; and, visualizing the visitors' silhouette beside the data visualization. We discuss preliminary results of an in-situ study with 56 museum visitors at Discovery Place, and provide design recommendations for crafting engaging Human-Data Interaction experiences

Conflict and Computation on Wikipedia: a Finite-State Machine Analysis of Editor Interactions

What is the boundary between a vigorous argument and a breakdown of relations? What drives a group of individuals across it? Taking Wikipedia as a test case, we use a hidden Markov model to approximate the computational structure and social grammar of more than a decade of cooperation and conflict among its editors. Across a wide range of pages, we discover a bursty war/peace structure where the systems can become trapped, sometimes for months, in a computational subspace associated with significantly higher levels of conflict-tracking "revert" actions. Distinct patterns of behavior characterize the lower-conflict subspace, including tit-for-tat reversion. While a fraction of the transitions between these subspaces are associated with top-down actions taken by administrators, the effects are weak. Surprisingly, we find no statistical signal that transitions are associated with the appearance of particularly anti-social users, and only weak association with significant news events outside the system. These findings are consistent with transitions being driven by decentralized processes with no clear locus of control. Models of belief revision in the presence of a common resource for information-sharing predict the existence of two distinct phases: a disordered high-conflict phase, and a frozen phase with spontaneously-broken symmetry. The bistability we observe empirically may be a consequence of editor turn-over, which drives the system to a critical point between them.Comment: 23 pages, 3 figures. Matches published version. Code for HMM fitting available at http://bit.ly/sfihmm ; time series and derived finite state machines at bit.ly/wiki_hm

The effectiveness of intersection attack countermeasures for graphical passwords

Recognition-based graphical passwords are one of several proposed alternatives to alphanumerical passwords for user authentication. However, there has been limited work on the security of such schemes. Often authors state a possible attack combined with a proposed countermeasure, but the efficacy of the counter measure is not always quantitatively examined. One possible attack which has been discussed without this examination is an intersection attack. If we can establish which countermeasures for this attack are effective, this will provide insight which will make it possible to select the appropriate countermeasure for the level of security required by a given system. Our approach involved creating a simulation of intersection attacks using each of five possible counter measures. The number of attacks which had to be performed before success for each approach was noted and compared to a control where no counter measure was implemented. Our results show that for three of the five countermeasures there was a significant increase in the number of attacks before success, one showed a significant decrease and the other did not show any statistical significance. We show that it is not decisive that using dummy screens when an incorrect image is selected will increase the number of attacks required. We also show that increasing the number of challenge screens reduces the number of attacks required before success as the number of challenge screens approaches the size of the passimage set. Our results allow one to make a more reliable choice of countermeasure to reduce intersection attacks