SECReT 2010 PhD projects
- Metal oxide semiconductor gas sensors as an electronic nose for the detection of microbial agents
- What are the factors that make communities vulnerable to, or resistant against, the emergence of radicalising settings?
- Covert taggant nanoparticle inks - discovery, process and product development, and analysis for sustainability and efficiency
- Diffusion processes of political violence: The role of information
- Engineering IT risk awareness, education and training
- Three-dimensional imaging of baggage for security applications
- Understanding the traffic-driven epidemic spreading in scale-free networks
- Optimal search and detection of targets in an uncertain environment using unmanned aerial vehicle
- Explosive residue: Evaluation and optimisation of detection and sampling procedures
- Forecasting adversary’s scenarios: Systemic competitive red teaming
- Secure digital archive and web search using a Probably Approximately Correct architecture
- Mobilising community resilience through techno-social innovation
- Numerical modelling/empirical analysis of civil conflict
- Landmine, IED, UXO Detection using Ground Penetrating Radar from an Unmanned Aerial Vehicle
- Towards a usable and less disruptive security in the workplace
- Securing from exploits using information theoretical techniques
- Crime drop in Chile: Searching for causes and mechanisms
- Inferring user behaviour despite wireless network encryption
- The Chain of Evidence - a critical appraisal of the applicability and validity of forensic research and the usability of forensic evidence
Engineering IT risk awareness, education and training
7 March 2012
A significant part of the world today is highly dependent on Information Technology. Organisations use computer systems as their major tool of work production. This results in a need to protect an organisation's IT assets, both to avoid leakage of sensitive data and to ensure an uninterrupted workflow, since interruptions can hinder business processes. The complexity of Information Security and its fast-changing nature, with new threats appearing every day, make it difficult for non-technical employees to understand. User education has been used to shape user behaviour to comply with security policies, which are usually developed based on identified threats and vulnerabilities in organisations. Until now, education schemes have been based on empirical data, experience of past security breaches and examples of bad practices that should be avoided, usually presenting users with large checklists that exhaustively report all security threats. The problem with this is that no attempt is made to understand how users perceive security and what misconceptions they form, or to address those through better security awareness, education and training campaigns.
This project will aim to devise a systematic approach to security awareness, education and training that will:
- Improve the communication to employees of the risks related to their everyday IT-related operations, and their awareness of potential security breaches.
- Allow creation of education and training schemes that are grounded in the identified risks and prioritise those which address the threats that present the higher risk to an organisation.
- Ensure the imposed measures do not hinder the effectiveness of business processes and impose a minimal burden on the employees’ everyday tasks.
The creation of a systematic approach to aid security awareness, education and training based on risk communication will allow organisations to communicate more effectively the IT-related risks, implement effective education and training, and thus influence employee behaviour. This can provide many advantages for the organisations that will follow similar approaches, but also for their employees:
- It will help users form a clear understanding of the threats they face, so that they can correctly perceive the benefits of compliance with security practices, by altering the perceived cost/benefit balance.
- Easy-to-use measures will be better embraced and adopted by employees, and will decrease employee frustration.
- It can improve the effectiveness of the security campaigns developed and prevent organisations from spending resources on developing ineffective campaigns, by basing their design on scientific principles.
- A systematic approach to the development of security measures can be reused and reapplied to new situations in an organisation and allow a wider range of organisations to easily adopt it to solve their specific security problems.