Refining the PoinTER “human firewall” pentesting framework

PurposePenetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.MethodologyWe conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical.FindingsDrawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests.OriginalityPrevious work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

A preliminary analysis on the emotional impact of synchronous, collaborative CAD tools

Thesis: S.B., Massachusetts Institute of Technology, Department of Mechanical Engineering, 2018.Cataloged from PDF version of thesis.Includes bibliographical references (page 29).This thesis seeks to explore the effectiveness or lack thereof of synchronous, collaborative CAD software, and compare the performance of individuals utilizing such software to one another. Two platforms were used, Solidworks and Onshape, in which the latter had both an independent and a synchronous, collaborative option available. 16 individuals who were already familiar with CAD tools participated in the study, with each utilizing one of the prescribed workflows for the entirety of the hour long trial. Video of the participant's faces and onscreen interaction with the software was recorded throughout the duration of a prescribed task, and the video was utilized in the analysis section of this study. An in depth empirical and statistical analysis is subsequently outlined, and is intended to be utilized as a stepping stone to a later study that will correlate the emotional analysis summarized here with another study dedicated to the user interaction with the software.by Cameron Arnet.S.B

On the Recognition of Emotion from Physiological Data

This work encompasses several objectives, but is primarily concerned with an experiment where 33 participants were shown 32 slides in order to create ‗weakly induced emotions‘. Recordings of the participants‘ physiological state were taken as well as a self report of their emotional state. We then used an assortment of classifiers to predict emotional state from the recorded physiological signals, a process known as Physiological Pattern Recognition (PPR). We investigated techniques for recording, processing and extracting features from six different physiological signals: Electrocardiogram (ECG), Blood Volume Pulse (BVP), Galvanic Skin Response (GSR), Electromyography (EMG), for the corrugator muscle, skin temperature for the finger and respiratory rate. Improvements to the state of PPR emotion detection were made by allowing for 9 different weakly induced emotional states to be detected at nearly 65% accuracy. This is an improvement in the number of states readily detectable. The work presents many investigations into numerical feature extraction from physiological signals and has a chapter dedicated to collating and trialing facial electromyography techniques. There is also a hardware device we created to collect participant self reported emotional states which showed several improvements to experimental procedure

KEER2022

Avanttítol: KEER2022. DiversitiesDescripció del recurs: 25 juliol 202

Chameleons In A Kaleidoscope: How it Feels to Work in Partnership as a Sure Start Manager

This thesis examines some ways in which the emotional experience of Sure Start managers can be understood using story methodology. Sure Start was a partnership initiative introduced by New Labour in 1999 to support families with children aged 0-4 in areas of deprivation. Data was constructed using fictional stories about how it feels to work in partnership, told and used as a basis for discussion in peer groups. Interpretation of the data suggested that Sure Start managers use discretion and judgement in the workplace to manage their own emotions and the emotions of others. However, their choices in doing this appear to be limited by the prevailing power structures. These include the lack of a professional emotional vocabulary, which effectively silences work related emotion talk. The managers resist these limitations by finding 'unmanageable spaces' (Gabriel 2003) to share stories about their work in personal language. This helps them to make sense of their emotional experiences. This research found that Sure Start managers needed to draw on a wide emotional range to create convincing emotional performances at work. This enriches the conceptualisation of emotional labour in the emotion literature, and offers performance as a new theme for the partnership literature. Initial suggestions for links between specific emotional responses and themes in the partnership literature offer a new area for exploration within that literature. The distinction between professional languages and personal language enhances the account of the relationship between emotion and language in the emotion literature. Despite the limitations on them, Sure Start managers are evidently skilful, resourceful 'emotion entrepreneurs'. However, it seems that the marginalisation of emotion in their working environment is likely to be detrimental to the well-being of the managers, their staff, and their service users. This has implications for the policy and practice of managing public sector partnerships

“Be a Pattern for the World”: The Development of a Dark Patterns Detection Tool to Prevent Online User Loss

Dark Patterns are designed to trick users into sharing more information or spending more money than they had intended to do, by configuring online interactions to confuse or add pressure to the users. They are highly varied in their form, and are therefore difficult to classify and detect. Therefore, this research is designed to develop a framework for the automated detection of potential instances of web-based dark patterns, and from there to develop a software tool that will provide a highly useful defensive tool that helps detect and highlight these patterns

Minding the Gap: Computing Ethics and the Political Economy of Big Tech

In 1988 Michael Mahoney wrote that “[w]hat is truly revolutionary about the computer will become clear only when computing acquires a proper history, one that ties it to other technologies and thus uncovers the precedents that make its innovations significant” (Mahoney, 1988). Today, over thirty years after this quote was written, we are living right in the middle of the information age and computing technology is constantly transforming modern living in revolutionary ways and in such a high degree that is giving rise to many ethical considerations, dilemmas, and social disruption. To explore the myriad of issues associated with the ethical challenges of computers using the lens of political economy it is important to explore the history and development of computer technology

Technical Debt is an Ethical Issue

We introduce the problem of technical debt, with particular focus on critical infrastructure, and put forward our view that this is a digital ethics issue. We propose that the software engineering process must adapt its current notion of technical debt – focusing on technical costs – to include the potential cost to society if the technical debt is not addressed, and the cost of analysing, modelling and understanding this ethical debt. Finally, we provide an overview of the development of educational material – based on a collection of technical debt case studies - in order to teach about technical debt and its ethical implication