4,672 research outputs found
Digital interaction: where are we going?
In the framework of the AVI 2018 Conference, the interuniversity center ECONA has organized a thematic workshop on "Digital Interaction: where are we going?". Six contributions from the ECONA members investigate different perspectives around this thematic
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
An investigation into the âbeautificationâ of security ceremonies
âBeautiful Securityâ is a paradigm that requires security ceremonies to contribute to the âbeautyâ of a user experience. The underlying assumption is that people are likely to be willing to engage with more beautiful security ceremonies. It is hoped that such ceremonies will minimise human deviations from the prescribed interaction, and that security will be improved as a consequence. In this paper, we explain how we went about deriving beautification principles, and how we tested the efficacy of these by applying them to specific security ceremonies. As a first step, we deployed a crowd-sourced platform, using both explicit and metaphorical questions, to extract general aspects associated with the perception of the beauty of real-world security mechanisms. This resulted in the identification of four beautification design guidelines. We used these to beautify the following existing security ceremonies: Italian voting, user-to-laptop authentication, password setup and EU premises access. To test the efficacy of our guidelines, we again leveraged crowd-sourcing to determine whether our âbeautifiedâ ceremonies were indeed perceived to be more beautiful than the original ones. The results of this initial foray into the beautification of security ceremonies delivered promising results, but must be interpreted carefully
Assessing SMEsâ cybersecurity organizational readiness: Findings from an Italian survey
The Small and Medium-sized Enterprisesâ (SMEs) level of organizational cybersecurity readiness has been poorly investigated to date. Currently, all SMEs need to maintain an adequate level of cybersecurity to run their businesses, not only those wishing to fully exploit digitalizationâs benefits. Unfortunately, due to their lack of resources, skills, and their low level of cyber awareness, SMEs often seem unprepared. It is essential that they address the digital threats that they face by using technology and complementary (and not alternative) factors, such as guidelines, formal policies, and training. All these elements trigger development processes regarding skills, awareness, the organizational cybersecurity culture, and the organizational resilience. This paper describes Italyâs first multidisciplinary attempt to assess its SMEsâ overall cybersecurity readiness level. We used a survey as its initial quantitative assessment approach, although SMEs can also use it as a cyber self-assessment tool, which prepares them better to navigate the digital ecosystem. Thereafter, we held semi-structured interviews to explore the critical points that had emerged from the studyâs first phase. The overall results show that SMEs have not yet achieved high levels of organizational readiness. SMEs are currently starting to set the stage for their organizational cyber readiness and will, therefore, have to take many more proactive steps to address their cyber challenges
The Effect of Security Education and Expertise on Security Assessments: the Case of Software Vulnerabilities
In spite of the growing importance of software security and the industry
demand for more cyber security expertise in the workforce, the effect of
security education and experience on the ability to assess complex software
security problems has only been recently investigated. As proxy for the full
range of software security skills, we considered the problem of assessing the
severity of software vulnerabilities by means of a structured analysis
methodology widely used in industry (i.e. the Common Vulnerability Scoring
System (\CVSS) v3), and designed a study to compare how accurately individuals
with background in information technology but different professional experience
and education in cyber security are able to assess the severity of software
vulnerabilities. Our results provide some structural insights into the complex
relationship between education or experience of assessors and the quality of
their assessments. In particular we find that individual characteristics matter
more than professional experience or formal education; apparently it is the
\emph{combination} of skills that one owns (including the actual knowledge of
the system under study), rather than the specialization or the years of
experience, to influence more the assessment quality. Similarly, we find that
the overall advantage given by professional expertise significantly depends on
the composition of the individual security skills as well as on the available
information.Comment: Presented at the Workshop on the Economics of Information Security
(WEIS 2018), Innsbruck, Austria, June 201
Organizational cybersecurity readiness in the ICT sector: a quanti-qualitative assessment
Purpose â Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprisesâ (SMEs) overall level of organizational cybersecurity readiness.
Design/methodology/approach â This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.
Findings â Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.
Originality/value â Although the importance of SMEs is obvious, evidence of such organizationsâ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness
- âŠ