'Give Me Structure':Synthesis and Evaluation of a (Network) Threat Analysis Process Supporting Tier 1 Investigations in a Security Operation Center

Current threat analysis processes followed by tier-1 (T1) analysts in a Security Operation Center (SOC) rely mainly on tacit knowledge, and can differ greatly across analysts. The lack of structure and clear objectives to T1 analyses makes operative inefficiencies hard to spot, SOC performance hard to measure (and therefore improve), results in overall lower security for the monitored environment(s), and contributes to analyst burnout. In this work we collaborate with a commercial SOC to devise a 4-stage (network) process to support the collection and analysis of relevant information for threat analysis. We conduct an experiment with ten T1 analysts employed in the SOC and show that analysts following the proposed process are 2.5 times more likely to produce an accurate assessment than analysts who do not. We evaluate qualitatively the effects of the process on analysts decisions, and discuss implications for practice and research

Determinants of Domestic Risk Prevention Behavior: The Importance of Separating Effects Within-Persons and Between-Persons

The effects of vulnerability, severity, costs, effort, and effectiveness on prevention behavior, derived from protection motivation theory and the health belief model, have been extensively tested in the literature and have all been shown to predict rather well. In this study we test the effects of these determinants in a new context: the domestic risk prevention domain. The specific behaviors under study are related to the risks of burglary, fire, and water damage. In addition to previous studies, our multilevel research design allows us to evaluate which differences in the performance of domestic prevention behavior can be attributed to differences between persons and which to differences between behaviors within persons. Our results show that all determinants are relevant predictors for domestic risk prevention behavior. Disentangling the within-person and between-person effects shows that prevention behavior depends more on the relative evaluation of the prevention behavior determinants for a given person (e.g., a person perceives a smoke alarm to be more effective than antiburglar strips), than on the differences between persons regarding the general perception of these determinants (e.g., some persons find prevention behaviors in general more effective than other persons). To increase the performance of domestic risk prevention behaviors, we advise that interventions should focus on increasing a person's perception of risks and prevention behaviors relative to other risks and prevention behaviors rather than focusing on changing people's general perceptions of all risks and behaviors or focusing on specific target groups

Playing with fire : understanding how experiencing a fire in an immersive virtual environment affects prevention behavior

A potentially effective way to influence people's fire prevention behavior is letting them experience a fire in an immersive virtual environment (IVE). We analyze the effects of experiencing a fire in an IVE (versus an information sheet) on psychological determinants of behavior-knowledge, vulnerability, severity, self-efficacy, and locus of control-based mainly on arguments from Protection Motivation Theory and the Health Belief Model. Crucial in our setup is that we also relate these determinants to actual prevention behavior. Results show that IVE has the hypothesized effects on vulnerability, severity, and self-efficacy, and an unexpected negative effect on knowledge. Only knowledge and vulnerability showed subsequent indirect effects on actual prevention behavior. There remains a direct positive effect of IVE on prevention behavior that cannot be explained by any of the determinants. Our results contradict the implicit assumption that an induced change in these psychological determinants by IVE, necessarily implies a change in behavior. A recommendation for research on the effects of IVE's is, whenever possible, to study the actual target behavior as well

A sociological view on hierarchical failure: The effect of organizational rules on exchange performance in buyer-supplier transactions

The classic Transaction Cost Economics view is that a key reason for firms to exist is that they offer a way to overcome problematic market transactions. If it is too complicated, expensive, or risky to buy a good on the market, consider hiring employees to make it in-house - especially if it is a good that you (and others) might need often. The implicit argument is that, for this reason, firms are a potentially rational response to less advantageous markets. However, firms are rational responses only when they themselves are organized in a way that is efficient enough to outperform the market. We consider firms’ hierarchical efficiency by analyzing the existence and consequences of rules and procedures, effectively testing two competing arguments. On the one hand, rules and procedures are one way in which firms can achieve efficiency, through specialization and formalization of what a firm has learned. On the other hand, rules can be imprecise and rigid, a nuisance to deal with, and just coincidental traces of what has gone wrong in the past. Using a database of more than 800 transactions in which German small and medium sized businesses buy ICT products and services, we consider the role of rules and procedures in a large-scale quantitative way. It turns out that rules show a pyramid-like structure where some firms have less and others have more codified rules. Our results furthermore suggest that rules might not be the clotted efficiency they have been argued to be. A high rule-density goes with increased investments in contracting (“thicker contracts”) and not with decreased ex post transaction problems, questioning the benefits of rules as a way to favor firms over markets

The Effects of Explanations in Automated Essay Scoring Systems on Student Trust and Motivation

Ethical considerations, including transparency, play an important role when using artificial intelligence (AI) in education. Explainable AI has been coined as a solution to provide more insight into the inner workings of AI algorithms. However, carefully designed user studies on how to design explanations for AI in education are still limited. The current study aimed to identify the effect of explanations of an automated essay scoring system on students’ trust and motivation. The explanations were designed using a needs-elicitation study with students in combination with guidelines and frameworks of explainable AI. Two types of explanations were tested: full-text global explanations and an accuracy statement. The results showed that both explanations did not have an effect on student trust or motivation compared to no explanations. Interestingly, the grade provided by the system, and especially the difference between the student’s self-estimated grade and the system grade, showed a large influence. Hence, it is important to consider the effects of the outcome of the system (here: grade) when considering the effect of explanations of AI in education

A sociological view on hierarchical failure:The effect of organizational rules on exchange performance in buyer-supplier transactions

The classic Transaction Cost Economics view is that a key reason for firms to exist is that they offer a way to overcome problematic market transactions. If it is too complicated, expensive, or risky to buy a good on the market, consider hiring employees to make it in-house - especially if it is a good that you (and others) might need often. The implicit argument is that, for this reason, firms are a potentially rational response to less advantageous markets. However, firms are rational responses only when they themselves are organized in a way that is efficient enough to outperform the market. We consider firms’ hierarchical efficiency by analyzing the existence and consequences of rules and procedures, effectively testing two competing arguments. On the one hand, rules and procedures are one way in which firms can achieve efficiency, through specialization and formalization of what a firm has learned. On the other hand, rules can be imprecise and rigid, a nuisance to deal with, and just coincidental traces of what has gone wrong in the past. Using a database of more than 800 transactions in which German small and medium sized businesses buy ICT products and services, we consider the role of rules and procedures in a large-scale quantitative way. It turns out that rules show a pyramid-like structure where some firms have less and others have more codified rules. Our results furthermore suggest that rules might not be the clotted efficiency they have been argued to be. A high rule-density goes with increased investments in contracting (“thicker contracts”) and not with decreased ex post transaction problems, questioning the benefits of rules as a way to favor firms over markets

Advances in the sociology of trust and cooperation: Theory, experiments, and field studies

The problem of cooperation and social order is one of the core issues in the social sciences. The key question is how humans, groups, institutions, and countries can avoid or overcome the collective good dilemmas that could lead to a Hobbesian war of all against all. Using the general set of social dilemmas as a paradigmatic example, rigorous formal analysis can stimulate scientific progress in several ways. The book, consisting of original articles, provides state of the art examples of research along these lines: theoretical, experimental, and field studies on trust and cooperation. The theoretical work covers articles on trust and control, reputation formation, and paradigmatic articles on the benefits and caveats of abstracting reality into models. The experimental articles treat lab based tests of models of trust and reputation, and the effects of the social and institutional embeddedness on behavior in cooperative interactions and possibly emerging inequalities. The field studies test these models in applied settings such as cooperation between organizations, informal care, and different kinds of collaboration networks. The book will be exemplary for rigorous sociology and social sciences more in general in a variety of ways: There is a focus on effects of social conditions, in particular different forms of social and institutional embeddedness, on social outcomes. Theorizing about and testing of effects of social contexts on individual and group outcomes is one of the main aims of sociological research. Modelling efforts include formal explications of micro-macro links that are typically easily overlooked when argumentation is intuitive and impressionistic Extensive attention is paid to unintended effects of intentional behavior, another feature that is a direct consequence of formal theoretical modelling and in-depth data-analyses of the social processe