24,648 research outputs found
Recommended from our members
Developing a usable security approach for user awareness against ransomware
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonThe main purpose of the research presented in this thesis is to design and develop
a game prototype for improving user awareness against ransomware, which has been
reported as the most significant cyber security threat to the United Kingdom by the
National Cyber Security Centre. Digital transformation is helping individuals, organisations,
governments and Industrial control systems to modernise and improve
their effectiveness. At the same time, cyber crimes are evolving and targeting essential
services. A successful cyber attack can compromise users’ privacy, bring bad
publicity and financial damage to organisations and target national security.
A literature review was conducted to understand threats to the cyber social
system. Literature in this thesis reports attackers exploit humans as the weakest
link to execute successful security breaches. Therefore to address this challenge, a
significant gap has been identified as an opportunity to contribute to user awareness
of the ransomware cyber security threat.
The current thesis proposes RansomAware a novel game prototype to improve
user awareness. The game is based on Technology Threat Avoidance Theory (TTAT)
model. In this thesis two studies are carried out, study 1 empirically validates the
elements of TTAT to be embedded in the RansomAware prototype and reports a
significant change in users’ motivation to avoid ransomware cyber security threat
55% and avoidance behaviour 29%, whereas study 2 evaluates game usability and
report significant results of SUS average score of 87.58 and statistical results of p <
0.01 indicate user’s satisfaction of the RansomAware. Finally, the research provides
guidelines on how the proposed RansomAware game can be adopted by practitioners
and individuals to improve their awareness against the ransomware cyber security
threat
Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guarantee
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controller, secure network routing
protocol at the data communication and networking layers, and the challenges of
the information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.Comment: 16 page
Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory
- …