Evidence based cybersecurity is an approach aiming to support security professionals’ and policy makers’ decision-making processes regarding the deployment of security policies and tools, by calling for rigorous scientific investigations of the effectiveness of these policies and tools in achieving their goals in the wild.
This approach focuses on the human players who use cyberspace for various purposes, and seeks to guide the configuration and design of computer environments which could mitigate the consequences of cybercrime to targets and infrastructures. This talk will present concrete evidence from past and ongoing scientific efforts which the Evidence Based Cybersecurity Research Group in Georgia State University (ebcs.gsu.edu) has initiated, and which are aimed at understanding what works and what doesn’t in preventing and mitigating cybercrime. Concrete examples to the relevance of this approach in the context of security experts’, law enforcement agencies’ and policy makers’ efforts in deploying efficient and cost-effective security policies and tools will be provided.
About the speaker
David Maimon is an Associate Professor in the Department of Criminal Justice and Criminology at Georgia State University and the Director of the Evidence Based Cybersecurity Research Group. He has secondary appointment with the Computer Science Department at Georgia State University. He received his PhD in sociology from the Ohio State University in 2009. David’s research interests include theories of human behaviors, cyber-enabled and cyber-dependent crimes and experimental research methods. In 2015, he was awarded the Young Scholar Award from the White-Collar Crime Research Consortium of the National White-Collar Crime Center for his cybercrime research. He is also the recipient of the Philip Merrill Presidential Scholars Faculty Mentor Award (from the University of Maryland) and the Best Publication Award in Mental Health (from the American Sociological Association).
His current research focuses on computer hacking and the progression of system trespassing events, computer networks vulnerabilities to cyber attacks and decision-making process in cyber space. He is also conducting research on intellectual property, darknet markets and cyber fraud.