Cyberstats Challenge: No Industry is safe from Ransomware

Mahreen Naisir, Fahan Mahmood and Vipul Malhortra from the University of Windsor presented their analysis of data from the Statistics Canada Cybercrime Survey at our 2019 Workshop in Ottawa. This was part of a competition aiming to better align recent evidence and statistics with best practices for business. Participants thoroughly examined the data from …

Employment status and compliance with information security policies

More and more companies are increasing the flexibility of their workforce. However, the different types of positions within organizations raise different stakes and levels of commitment. This is particularly true for temporary employees, who have little reason to commit to their organization. Compliance with security policies …

Employment status and information security policy compliance

More and more companies have been increasing the flexibility of their labor force. However, labor forces with different employee positions within the organization bring different stakes and levels of commitment. This is particularly true with temporary employees who have little reason to be committed to their organization. Complying with the security policies requires time and …

Interrogating Best Practices in Secure Operations and Development

Security operations and secure development are critical requirements that receive significant personnel, resources, training and other kinds of attention. As best practices proliferate, there has been little empirical research as to which are most effective and why. In this talk, I will review recent empirical studies that examine in depth the utility of threat modeling, …

Evidence Based Cybersecurity and its Relevance for Guiding Security Experts’, Law enforcement agencies’ and Policy Makers’ Efforts in Cyberspace

Evidence based cybersecurity is an approach aiming to support security professionals’ and policy makers’ decision-making processes regarding the deployment of security policies and tools, by calling for rigorous scientific investigations of the effectiveness of these policies and tools in achieving their goals in the wild. This approach focuses on the human players who use cyberspace …

Taxonomy of countermeasures against crypto-ransomware

Crypto-ransomware attacks have increased in recent years. This form of malware scrambles valuable data with virtually unbreakable encryption and releases it only once the ransom is paid. This is a significant change from the first ransomware variants, and it has increased their impact and the overall severity of the …

The Low-Tech Communications of High-Tech Financial Fraudsters

Much has been made of the use of sophisticated anonymity tools by financial fraudsters that hack financial institutions and steal personal and financial information. Our past research has shown that these technologies were used to protect the fraudsters’ privacy and to facilitate their attacks against financial institutions. Our latest interactions and analysis of the …