Towards Safe and Just Work Environments for System Administrators: A Qualitative Sociotechnical Investigation into System Administration

Technological systems and infrastructures form the bedrock of modern society and it is system administrators (sysadmins) who configure, maintain and operate these infrastructures. More often than not, they do so behind the scenes. The work of system administration tends to be unseen and, consequently, not well known. After all, do you think of...

Investigating the modeling assumptions of alert-driven attack graphs: A cognitive load-based quantification approach of interpretability in attack graphs

The interpretability of an attack graph is a key principle as it reflects the difficulty of a specialist to take insights into attacker strategies. However, the quantification of interpretability is considered to be a subjective manner and complex attack graphs can be challenging to read and interpret. In this research paper, we propose a new...

Drivers and barriers for secure hardware adoption across ecosystem stakeholders

The decisions involved in choosing technology components for systems are poorly understood. This is especially so where the choices pertain to system security and countering the threat of cybersecurity attack. Although common in some commercial products, secure hardware chips provide security functions such as authentication, secure execution...

Transition to Digitalized Paradigms for Security Control and Decentralized Electricity Market

Digitalization is one of the key drivers for energy system transformation. The advances in communication technologies and measurement devices render available a large amount of operational data and enable the centralization of such data storage and processing. The greater access to data opens up new opportunities for a more efficient and...

Network intrusion prediction model using external data

Nowadays does the internet presence of companies increase, and with it, their attack surface and the probability of breaches: every information system in the company's network may be an entry point for an outsider. Therefore, companies need to secure their information systems. However, current risk assessment frameworks fail to connect the...

NURSE: eNd-UseR IoT malware detection tool for Smart homEs

IoT devices keep entering our homes with the promise of delivering more services and enhancing user experience; however, these new devices also carry along an alarming number of vulnerabilities and security issues. In most cases, the users of these devices are completely unaware of the security risks that connecting these devices entail. Current...

Building Cybersecurity Awareness: The need for evidence-based framing strategies

Cybersecurity is a global phenomenon representing a complex socio-technical challenge for governments, but requiring the involvement of individuals. Although cybersecurity is one of the most important challenges faced by governments today, the visibility and public awareness remains limited. Almost everybody has heard of cybersecurity,...

Secrecy versus openness: Internet security and the limits of open source and peer production

Open source and peer production have been praised as organisational models that could change the world for the better. It is commonly asserted that almost any societal activity could benefit from distributed, bottom-up collaboration — by making societal interaction more open, more social, and more democratic. However, we also need to be mindful...

Security economics in the HTTPS value chain

Even though we increasingly rely on HTTPS to secure Internet communications, several landmark incidents in recent years have illustrated that its security is deeply flawed. We present an extensive multi-disciplinary analysis that examines how the systemic vulnerabilities of the HTTPS authentication model could be addressed. We conceptualize the...