An Overview of Economic Approaches to Information Security Management
The increasing concerns of clients, particularly in online commerce, plus the impact of legislation on information security have compelled companies to put more resources into information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with a structured overview of the economic approaches to information security and ii) to identify potential research directions
A Measure for Ending Hunger in the United States
Hunger is a persistent problem in the United States. In 1999, three percent of U.S. households (more than 7.5 million people) were food insecure with hunger.2(p7) An additional seven percent of households (more than 23 million people) were food insecure without hunger. In all, 31 million Americans, including 12 million children, did not have enough food to meet their basic needs. In response, PARTNERS IN ENDING HUNGER (a grass-roots organization with over 17 years of experience) has declared itself an organization accountable for providing communities with the tools and training necessary to create and implement effective action plans for ending hunger (see Appendix A). Two essential tools for this work are: (1) a direct and accurate way to measure hunger in a community and (2) criteria that define when hunger has ended. The hunger measure PARTNERS has chosen is the U.S. Household Food Security Measure. It is a survey instrument and severity scale developed under the joint leadership of the U.S. Departments of Agriculture (USDA) and Health and Human Services (HHS). It has been used to measure the extent of hunger at national and state levels since 1995 and was specifically designed to be used at the local level as well. Building on distinctions and definitions presented in the U.S. Household Food Security Measure, PARTNERS has established criteria that define when hunger in a community has ended. According to PARTNERS' criteria, a community has ended hunger when, for two consecutive years, the results of the U.S. Household Food Security Measure show that none of the community's households have members who experience hunger and four percent or fewer of the community's households experience food insecurity. PARTNERS asserts that when communities meet these criteria and sustain these results over time, they have ended the persistence of hunger. These communities will then serve as models and catalysts for other communities to do the same
Sense about science - making sense of crime
Booklet 'Making Sense of Crime' published by registered charity 'Sense About Science'. There's always heated debate about crime in the media and a lot of political argument about how we should respond to it. But these arguments rarely provide insight into what actually causes crime, what lies behind trends over time and in different places, and how best to go about reducing it. Values inform how a society decides to deal with crime. We may decide that rehabilitation is a better principle than punishment, and this will influence how we decide what is most effective. However, we also expect these choices to be disciplined by sound evidence, because if crime policy ignores what works and what doesn't, there are likely to be bad social consequences. And with over £10bn spent annually on tackling crime through the police, prisons, probation and courts, unless we look at evidence we can't see how effective any of it is. Crime policy usually has twin aims – to prevent crime, and to seek justice by punishing those who commit offences. Research shows there's only a loose link, if any, between the way offenders are punished and the number of offences committed. There is no reliable evidence for example, that capital punishment reduces serious crimes as its supporters claim. Yet politicians and commentators regularly claim that more punishments are a way to cut crime. Academic, government and community organisations have all said crime policies need to be based more on evidence, but much of the evidence available at the moment is poor or unclear. Debates about crime rarely reflect how strong the evidence behind opposing policies is, and even when politicians honestly believe they're following the evidence, they tend to select evidence that supports their political views.
This guide looks at some of the key things we do know and why it has been so difficult to make sense of crime policy. An important point throughout is that policymakers sometimes have to make decisions when things are not clear-cut. They have a better chance of making effective policies if they admit to this uncertainty – and conduct robust research to find out more. In the following pages we have shared insights from experts in violent crime, policing, crime science, psychology and the media's influence on the crime debate. They don't have all the answers, but we hope they leave you better-placed to hold policymakers and commentators to account and promote a more useful discussion about crime
A qualitative approach to HCI research
Whilst science has a strong reliance on quantitative and experimental methods, there are many complex, socially based phenomena in HCI that cannot be easily quantified or experimentally manipulated or, for that matter, ethically researched with experiments. For example, the role of privacy in HCI is not obviously reduced to numbers and it would not be appropriate to limit a person's privacy in the name of research. In addition, technology is rapidly changing – just think of developments in mobile devices, tangible interfaces and so on – making it harder to abstract technology from the context of use if we are to study it effectively. Developments such as mediated social networking and the dispersal of technologies in ubiquitous computing also loosen the connection between technologies and work tasks that were the traditional cornerstone of HCI. Instead, complex interactions between technologies and ways of life are coming to the fore. Consequently, we frequently find that we do not know what the real HCI issues are before we start our research. This makes it hard, if not actually impossible, to define the variables necessary to do quantitative research (see Chapter 2).
Within HCI, there is also the recognition that the focus on tasks is not enough to design and implement an effective system. There is also a growing need to understand how usability issues are subjectively and collectively experienced and perceived by different user groups (Pace, 2004; Razavim and Iverson, 2006). This means identifying the users' emotional and social drives and perspectives; their motivations, expectations, trust, identity, social norms and so on. It also means relating these concepts to work practices, communities and organisational social structures as well as organisational, economic and political drivers. These issues are increasingly needed in the design, development and implementation of systems to be understood both in isolation and as a part of the whole.
HCI researchers are therefore turning to more qualitative methods in order to deliver the research results that HCI needs. With qualitative research, the emphasis is not on measuring and producing numbers but instead on understanding the qualities of a particular technology and how people use it in their lives, how they think about it and how they feel about it. There are many varied approaches to qualitative research within the social sciences depending on what is being studied, how it can be studied and what the goals of the research are. Within HCI, though, grounded theory has been found to provide good insights that address well the issues raised above (Pace, 2004; Adams, Blandford and Lunt, 2005; Razavim and Iverson, 2006).
The purpose of this chapter is to give an overview of how grounded theory works as a method. Quantitative research methods adopt measuring instruments and experimental manipulations that can be repeated by any researcher (at least in principle) and every effort is made to reduce the influence of the researcher on the researched, which is regarded as a source of bias or error. In contrast, in qualitative research, where the goal is understanding rather than measuring and manipulating, the subjectivity of the researcher is an essential part of the production of an interpretation. The chapter therefore discusses how the influence of the researcher can be ameliorated through the grounded theory methodology whilst also acknowledging the subjective input of the researcher through reflexivity. The chapter also presents a case study of how grounded theory was used in practice to study people's use and understanding of computer passwords and related security
A Comparative Usability Study of Two-Factor Authentication
Two-factor authentication (2F) aims to enhance resilience of password-based
authentication by requiring users to provide an additional authentication
factor, e.g., a code generated by a security token. However, it also introduces
non-negligible costs for service providers and requires users to carry out
additional actions during the authentication process. In this paper, we present
an exploratory comparative study of the usability of 2F technologies. First, we
conduct a pre-study interview to identify popular technologies as well as
contexts and motivations in which they are used. We then present the results of
a quantitative study based on a survey completed by 219 Mechanical Turk users,
aiming to measure the usability of three popular 2F solutions: codes generated
by security tokens, one-time PINs received via email or SMS, and dedicated
smartphone apps (e.g., Google Authenticator). We record contexts and
motivations, and study their impact on perceived usability. We find that 2F
technologies are overall perceived as usable, regardless of motivation and/or
context of use. We also present an exploratory factor analysis, highlighting
that three metrics -- ease-of-use, required cognitive efforts, and
trustworthiness -- are enough to capture key factors affecting 2F usability.
Comment: A preliminary version of this paper appears in USEC 201
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Passwords are still a mainstay of various security systems, as well as the
cause of many usability issues. For end-users, many of these issues have been
studied extensively, highlighting problems and informing design decisions for
better policies and motivating research into alternatives. However, end-users
are not the only ones who have usability problems with passwords! Developers
who are tasked with writing the code by which passwords are stored must do so
securely. Yet history has shown that this complex task often fails due to human
error with catastrophic results. While an end-user who selects a bad password
can have dire consequences, the consequences of a developer who forgets to hash
and salt a password database can lead to far larger problems. In this paper we
present a first qualitative usability study with 20 computer science students
to discover how developers deal with password storage and to inform research
into aiding developers in the creation of secure password systems
Deliver security awareness training, then repeat:{deliver; measure efficacy}
Organisational information security policy contents are disseminated by awareness and training drives. Its success is usually judged based on immediate post-training self-reports which are usually subject to social desirability bias. Such self-reports are generally positive, but they cannot act as a proxy for actual subsequent behaviours. This study aims to formulate and test a more comprehensive way of measuring the efficacy of these awareness and training drives, called ASTUTE. We commenced by delivering security training. We then assessed security awareness (post-training), and followed up by measuring actual behaviours. When we measured actual behaviours after a single delivery of security awareness training, the conversion from intention to behaviour was half of the desired 100%. We then proceeded to deliver the training again, another two times. The repeated training significantly reduced the gap between self-reported intention and actual secure behaviours
Quantum Copy-Protection and Quantum Money
Forty years ago, Wiesner proposed using quantum states to create money that
is physically impossible to counterfeit, something that cannot be done in the
classical world. However, Wiesner's scheme required a central bank to verify
the money, and the question of whether there can be unclonable quantum money
that anyone can verify has remained open since. One can also ask a related
question, which seems to be new: can quantum states be used as copy-protected
programs, which let the user evaluate some function f, but not create more
programs for f? This paper tackles both questions using the arsenal of modern
computational complexity. Our main result is that there exist quantum oracles
relative to which publicly-verifiable quantum money is possible, and any family
of functions that cannot be efficiently learned from its input-output behavior
can be quantumly copy-protected. This provides the first formal evidence that
these tasks are achievable. The technical core of our result is a
"Complexity-Theoretic No-Cloning Theorem," which generalizes both the standard
No-Cloning Theorem and the optimality of Grover search, and might be of
independent interest. Our security argument also requires explicit
constructions of quantum t-designs. Moving beyond the oracle world, we also
present an explicit candidate scheme for publicly-verifiable quantum money,
based on random stabilizer states; as well as two explicit schemes for
copy-protecting the family of point functions. We do not know how to base the
security of these schemes on any existing cryptographic assumption. (Note that
without an oracle, we can only hope for security under some computational
assumption.)
Comment: 14-page conference abstract; full version hasn't appeared and will
never appear. Being posted to arXiv mostly for archaeological purposes.
Explicit money scheme has since been broken by Lutomirski et al
(arXiv:0912.3825). Other quantum money material has been superseded by
results of Aaronson and Christiano (coming soon). Quantum copy-protection
ideas will hopefully be developed in separate wor
Beyond Bullets and Bombs: Fixing the U.S. Approach to Development in Pakistan
Explains the rationale for a clear U.S. strategy for Pakistan's development, ways to improve planning and implementation, and policy recommendations for supporting the private sector through trade and investment and targeting aid for long-term impact