Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Ethical guidelines for nudging in information security & privacy

There has recently been an upsurge of interest in the deployment of behavioural economics techniques in the information security and privacy domain. In this paper, we consider first the nature of one particular intervention, the nudge, and the way it exercises its influence. We contemplate the ethical ramifications of nudging, in its broadest sense, deriving general principles for ethical nudging from the literature. We extrapolate these principles to the deployment of nudging in information security and privacy. We explain how researchers can use these guidelines to ensure that they satisfy the ethical requirements during nudge trials in information security and privacy. Our guidelines also provide guidance to ethics review boards that are required to evaluate nudge-related research

Regeneration Research

Imagine losing an eye, an arm or even your spinal cord. When we are wounded, our bodies, and those of other mammals, generally respond by sealing the wound with scar tissue. The newt, however, can repeatedly regenerate lost tissues, even as an adult. Recent research led by University of Dayton Biology Professor Panagiotis A. Tsonis and Chikafumi Chiba at the University of Tsukuba in Japan, published in the current volume of the prestigious journal Nature Communications, has shed some light on the newt’s exceptional regenerative ability and may provide further insight into regeneration in other species, including mammals

Encouraging password manager use

Password managers are a marvellous invention – essentially removing the pain that comes from trying to remember multiple, complex passwords. Yet adoption rates are low, which seems strange because no-one tries to memorise all their contacts' telephone numbers. There are many free password manager apps, so cost is not a deterrent. So, what is going on

Why Johnny Fails to Protect his Privacy

Albeit people worldwide cry out for the protection of their privacy, they often fail to successfully protect their private data. Possible reasons for this failure that have been identified in previous research include a lack of knowledge about possible privacy consequences, the negative outcome of a rational cost-benefit analysis, and insufficient ability for protection on the users’ side. However, these findings mainly base on theoretical considerations or results from quantitative studies, and no comprehensive explanation for users’ privacy behavior has been found so far. We thus conducted an interview study with 24 participants to qualitatively investigate what are (1) users’ mental models of privacy consequences, (2) obstacles for privacy protection, and (3) strategies for privacy protection. Our results provide evidence for all possible explanations: We find that most of our participants are indeed unaware of most consequences that could result from not protecting their privacy besides personalized advertisement and financial loss. We also identify several obstacles for privacy protection, such as protection being too much effort, too complicated, users lacking knowledge, or social aspects. Protection strategies mostly base on reducing the amount of data disclosed and most users refrain from using advanced PETs. We further identified additional factors which influence whether people adopt measures to protect their privacy and propose a model which subsumes all factors that are relevant for people’s decision to apply protection measures

Exploring cybersecurity-related emotions and finding that they are challenging to measure

This paper reports on a three-part investigation into people’s perceptions of cybersecurity, based on their lived experiences. We sought thereby to reveal issues located within the Johari grid’s “Blind Spot” quadrant. We utilized research methodologies from both the Arts and Science in order firstly to identify blind spot issues, and secondly to explore their dimensions. Our investigation confirmed a number of aspects that we were indeed aware of, when it came to people’s lived cybersecurity experiences. We also identified one particular blind spot issue: widespread, but not universal, negativity towards cybersecurity. We then carried out an investigation using a recognized methodology from psychology, as a first attempt to assess the nature of this negativity and to get a sense of its roots. What our initial experiment revealed was that scoping cybersecurity-related emotions is nontrivial and will require the formulation of new measurement tools. We conclude by reporting on the challenges, to inform researchers who plan to extend the research reported in this paper

Evaluación de los efectos no canónicos de cortisol sobre la activación de las vías PKA y PKC y la expresión de genes pro miogénicos en miotubos de trucha arcoíris (Oncorhynchus mykiss)

Tesis (Ingeniero en Biotecnología)Los glucocorticoides son reguladores críticos de los procesos celulares que le permiten a los vertebrados lidiar con estresores. En el caso de los teleósteos, el cortisol es la principal hormona glucocorticoide circulante y está involucrado en una serie de procesos fisiológicos a nivel celular. Se ha descrito que cortisol ejerce sus efectos celulares a través de dos mecanismos: la vía de señalización genómica o clásica, y la vía no genómica o iniciada en la superficie. La señalización genómica, que involucra la interacción de cortisol con sus receptores intracelulares, ha sido ampliamente estudiada. Sin embargo, la señalización no genómica recién se ha empezado a caracterizar. Dentro de las vías descritas que están involucradas en esta señalización no genómica de cortisol se encuentran las vías mediadas por PKA y PKC, que se describen en diferentes tejidos en vertebrados, y más recientemente en cultivo de hepatocitos de trucha arcoíris. A pesar de ello, en el caso de músculo esquelético en teleósteos, éstas no han sido estudiadas. Por lo tanto, en este trabajo evaluamos la contribución de la vía no genómica de cortisol sobre la modulación de PKA y PKC en un cultivo primario de miotubos de trucha arcoíris (Oncorhynchus mykiss). Además, determinamos la participación de estas vías en la expresión de genes pro miogénicos claves para el crecimiento y diferenciación del músculo esquelético. Para este propósito, los miotubos fueron estimulados con dosis fisiológicas de cortisol y cortisol-BSA (inductor exclusivo de efectos de cortisol iniciados en la superficie celular). Luego se evaluó mediante Western blot la activación de PKA, PKC y CREB en este modelo in vitro, donde se observó una activación temprana de PKC y PKA a 15 y 60 minutos de estimulación con cortisol-BSA, respectivamente, además de una tendencia a la activación de CREB a 30 minutos de estimulación, denotando una posible modulación por la acción no genómica de cortisol. Adicionalmente, los miotubos se pre-trataron con el inhibidor H-89 para PKA, para comprobar el rol directo de esta vía en la señalización no genómica de cortisol, y su participación en la modulación de los genes pro miogénicos myf5 y pax3. En miotubos estimulados con inhibidor, se observó un aumento en la expresión de pax3 a 1 hora de tratamiento con cortisol-BSA, efecto que fue revertido a las 6 horas. Esto podría deberse a un posible rol inhibidor por parte de PKA. Por otro lado, la expresión de myf5 tiende a disminuir en presencia de estímulo más inhibidor a 1 hora, y al aumento a 6 horas bajo los mismos estímulos, lo que indicaría una posible modulación de éste gen por PKA, pero ejerciendo un rol activador. Sin embargo, estas hipótesis requieren de más experimentos para ser aceptadas. Se puede concluir en esta investigación que la vía alternativa de cortisol modula la activación de las proteínas PKA y PKC y la expresión de los genes blanco pax3 y myf5 en músculo esquelético, lo cual es de suma importancia para ampliar y profundizar los conocimientos que se tienen con respecto al rol de los glucocorticoides en éste tejido

Learning from safety science: A way forward for studying cybersecurity incidents in organizations

In the aftermath of cybersecurity incidents within organizations, explanations of their causes often revolve around isolated technical or human events such as an Advanced Persistent Threat or a “bad click by an employee.” These explanations serve to identify the responsible parties and inform efforts to improve security measures. However, safety science researchers have long been aware that explaining incidents in socio-technical systems and determining the role of humans and technology in incidents is not an objective procedure but rather an act of social constructivism: what you look for is what you find, and what you find is what you fix. For example, the search for a technical “root cause” of an incident might likely result in a technical fix, while from a sociological perspective, cultural issues might be blamed for the same incident and subsequently lead to the improvement of the security culture. Starting from the insights of safety science, this paper aims to extract lessons on what general explanations for cybersecurity incidents can be identified and what methods can be used to study causes of cybersecurity incidents in organizations. We provide a framework that allows researchers and practitioners to proactively select models and methods for the investigation of cybersecurity incidents

Monitoring the volatile language of fungi using gas chromatography-ion mobility spectrometry

Fusarium oxysporum is a plant pathogenic fungus leading to severe crop losses in agriculture every year. A sustainable way of combating this pathogen is the application of mycoparasites—fungi parasitizing other fungi. The filamentous fungus Trichoderma atroviride is such a mycoparasite that is able to antagonize phytopathogenic fungi. It is therefore frequently applied as a biological pest control agent in agriculture. Given that volatile metabolites play a crucial role in organismic interactions, the major aim of this study was to establish a method for on-line analysis of headspace microbial volatile organic compounds (MVOCs) during cultivation of different fungi. An ion mobility spectrometer with gas chromatographic pre-separation (GC-IMS) enables almost real-time information of volatile emissions with good selectivity. Here we illustrate the successful use of GC-IMS for monitoring the time- and light-dependent release of MVOCs by F. oxysporum and T. atroviride during axenic and co-cultivation. More than 50 spectral peaks were detected, which could be assigned to 14 volatile compounds with the help of parallel gas chromatography-mass spectrometric (GC-MS) measurements. The majority of identified compounds are alcohols, such as ethanol, 1-propanol, 2-methyl propanol, 2-methyl butanol, 3-methyl-1-butanol and 1-octen-3-ol. In addition to four ketones, namely acetone, 2-pentanone, 2-heptanone, 3-octanone, and 2-octanone; two esters, ethyl acetate and 1-butanol-3-methylacetate; and one aldehyde, 3-methyl butanal, showed characteristic profiles during cultivation depending on axenic or co-cultivation, exposure to light, and fungal species. Interestingly, 2-octanone was produced only in co-cultures of F. oxysporum and T. atroviride, but it was not detected in the headspace of their axenic cultures. The concentrations of the measured volatiles were predominantly in the low ppbv range; however, values above 100 ppbv were detected for several alcohols, including ethanol, 2-methylpropanol, 2-methyl butanol, 1- and 3-methyl butanol, and for the ketone 2-heptanone, depending on the cultivation conditions. Our results highlight that GC-IMS analysis can be used as a valuable analytical tool for identifying specific metabolite patterns for chemotaxonomic and metabolomic applications in near-to-real time and hence easily monitor temporal changes in volatile concentrations that take place in minutes