Bias and noise in security risk assessments, an empirical study on the information position and confidence of security professionals

Professionals working in both the physical and cybersecurity domain need to assess and evaluate security risks. As information on risks in general and security risks in particular is often imperfect and intractable, these professionals are facing a challenge in judging both likelihood and consequences, but how much do their existing...

On the anatomy of social engineering attacks: A literature-based dissection of successful attacks

The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps, containing single interactions between offender and...

Secure or usable computers? Revealing employees’ perceptions and trade-offs by means of a discrete choice experiment

It is often suggested in the literature that employees regard technical security measures (TSMs) as user-unfriendly, indicating a trade-off between security and usability. However, there is little empirical evidence of such a trade-off, nor about the strength of the associated negative correlation and the importance employees attach to both...

Beyond individual-centric privacy: Information technology in social systems

In the public debate, social implications of information technology are mainly seen through the privacy lens. Impact assessments of information technology are also often limited to privacy impact assessments, which are focused on individual rights and well-being, as opposed to the social environment. In this article, I argue that this...

Bayesian Network Models in Cyber Security: A Systematic Review

Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a...