S.E. Parkin
16 records found
‘The trivial tickets build the trust’
A co-design approach to understanding security support interactions in a large university
Increasingly, organizations are acknowledging the importance of human factors in the management of security in workplaces. There are challenges in managing security infrastructures in which there may be centrally mandated and locally managed initiatives to promote secure behaviou
...
“What Keeps People Secure is That They Met The Security Team”
Deconstructing Drivers And Goals of Organizational Security Awareness
Security awareness campaigns in organizations now collectively cost billions of dollars annually. There is increasing focus on ensuring certain security behaviors among employees. On the surface, this would imply a user-centered view of security in organizations. Despite this, th
...
Executive decision-makers
A scenario-based approach to assessing organizational cyber-risk perception
The executive leadership in corporate organizations is increasingly challenged with managing cyber-risks, as an important part of wider business risk management. Cyber-risks are complex, with the threat landscape evolving, including digital infrastructure issues such as trust in
...
Alert Alchemy
SOC Workflows and Decisions in the Management of NIDS Rules
Signature-based network intrusion detection systems (NIDSs) and network intrusion prevention systems (NIPSs) remain at the heart of network defense, along with the rules that enable them to detect threats. These rules allow Security Operation Centers (SOCs) to properly defend a n
...
Lessons in Prevention and Cure
A User Study of Recovery from Flubot Smartphone Malware
The smishing-based malware Flubot was taken down in mid-2022, yet there is little understanding of how it directly impacted smartphone users. We engage with customers of a partner Internet Service Provider (ISP), who have suffered a Flubot infection on their smartphones. We surve
...
"I needed to solve their overwhelmness"
How system administration work was affected by COVID-19
The ongoing global COVID-19 pandemic made working from home – wherever working remotely is possible – the norm for what had previously been office-based jobs across the world. This change in how we work created a challenging situation for system administrators (sysadmins), as they
...
The boundedly rational employee
Security economics for behaviour intervention support in organizations
Security policy-makers (influencers) in an organization set security policies that embody intended behaviours for employees (as decision-makers) to follow. Decision-makers then face choices, where this is not simply a binary decision of whether to comply or not, but also how to a
...
Difficult for Thee, But Not for Me
Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware
Consumer IoT devices may suffer malware attacks, and be recruited into botnets or worse. There is evidence that generic advice to device owners to address IoT malware can be successful, but this does not account for emerging forms of persistent IoT malware. Less is known about pe
...
The decisions involved in choosing technology components for systems are poorly understood. This is especially so where the choices pertain to system security and countering the threat of cybersecurity attack. Although common in some commercial products, secure hardware chips pro
...
Cybersecurity controls are deployed to manage risks posed by malicious behaviours or systems. What is not often considered or articulated is how cybersecurity controls may impact legitimate users (often those whose use of a managed system needs to be protected, and preserved). Th
...
An Empirical Study of a Decentralized Identity Wallet
Usability, Security, and Perspectives on User Control
User-centric digital identity initiatives are emerging with a mission to shift control over online identity disclosures to the individual. However, there is little representation of prospective users in discussions of the merits of empowering users with new data management respon
...
Change that Respects Business Expertise
Stories as Prompts for a Conversation about Organisation Security
Leaders of organisations must make investment decisions relating to the security of their organisation. This often happens through consultation with a security specialist. Consultations may be regarded as conversations taking place in a trading zone between the two domains. We pr
...
“The thing doesn't have a name”
Learning from emergent real-world interventions in smart home security
Many consumer Internet-of-Things (IoT) devices are, and will remain, subject to compromise, often without the owner's knowledge. Internet Service Providers (ISPs) are among the actors best-placed to coordinate the remediation of these problems. They receive infection data and can
...
‘I feel like we’re really behind the game’
Perspectives of the United Kingdom’s intimate partner violence support sector on the rise of technology-facilitated abuse
Technology-facilitated abuse or ‘tech abuse’ in intimate partner violence (IPV) contexts describes the breadth of harms that can be enacted using digital systems and online tools. While the misappropriation of technologies in the context of IPV has been subject to prior research,
...
Smart assistant devices (such as Amazon Echo or Google Home) have notable differences to more conventional consumer computing devices. They can be used through voice control as well as physical interaction, and are often positioned as a shared device within a home environment. We
...