A survey on systems security metrics
M Pendleton, R Garcia-Lebron, JH Cho… - ACM Computing Surveys …, 2016 - dl.acm.org
Security metrics have received significant attention. However, they have not been
systematically explored based on the understanding of attack-defense interactions, which …
systematically explored based on the understanding of attack-defense interactions, which …
Cyber-dependent crimes: An interdisciplinary review
D Maimon, ER Louderback - Annual Review of Criminology, 2019 - annualreviews.org
Online crime has increased in severity and frequency over the past two decades. However,
although several scientific disciplines have commonly employed criminological theories to …
although several scientific disciplines have commonly employed criminological theories to …
{“... No} one Can Hack My {Mind”}: Comparing Expert and {Non-Expert} Security Practices
The state of advice given to people today on how to stay safe online has plenty of room for
improvement. Too many things are asked of them, which may be unrealistic, time …
improvement. Too many things are asked of them, which may be unrealistic, time …
SoK: Quantifying cyber risk
This paper introduces a causal model inspired by structural equation modeling that explains
cyber risk outcomes in terms of latent factors measured using reflexive indicators. First, we …
cyber risk outcomes in terms of latent factors measured using reflexive indicators. First, we …
Users really do plug in USB drives they find
M Tischer, Z Durumeric, S Foster… - … IEEE Symposium on …, 2016 - ieeexplore.ieee.org
We investigate the anecdotal belief that end users will pick up and plug in USB flash drives
they find by completing a controlled experiment in which we drop 297 flash drives on a large …
they find by completing a controlled experiment in which we drop 297 flash drives on a large …
Riskteller: Predicting the risk of cyber incidents
L Bilge, Y Han, M Dell'Amico - Proceedings of the 2017 ACM SIGSAC …, 2017 - dl.acm.org
The current evolution of the cyber-threat ecosystem shows that no system can be considered
invulnerable. It is therefore important to quantify the risk level within a system and devise risk …
invulnerable. It is therefore important to quantify the risk level within a system and devise risk …
System and method for assessing cybersecurity awareness
Described embodiments include a system that includes a monitoring agent, configured to
automatically monitor usage of a computing device by a user, and a processor. The …
automatically monitor usage of a computing device by a user, and a processor. The …
Av-meter: An evaluation of antivirus scans and labels
A Mohaisen, O Alrawi - Detection of Intrusions and Malware, and …, 2014 - Springer
Antivirus scanners are designed to detect malware and, to a lesser extent, to label
detections based on a family association. The labeling provided by AV vendors has many …
detections based on a family association. The labeling provided by AV vendors has many …
Do or do not, there is no try: user engagement may not improve security outcomes
Computer security problems often occur when there are disconnects between users'
understanding of their role in computer security and what is expected of them. To help users …
understanding of their role in computer security and what is expected of them. To help users …
SoK: Cyber insurance–technical challenges and a system security roadmap
S Dambra, L Bilge, D Balzarotti - 2020 IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Cyber attacks have increased in number and complexity in recent years, and companies
and organizations have accordingly raised their investments in more robust infrastructure to …
and organizations have accordingly raised their investments in more robust infrastructure to …