Security operations and secure development are critical requirements that receive significant personnel, resources, training and other kinds of attention. As best practices proliferate, there has been little empirical research as to which are most effective and why. In this talk, I will review recent empirical studies that examine in depth the utility of threat modeling, …
Les fraudes sentimentales en ligne représentent l’arnaque la plus courante et la plus lucrative au Canada. La plupart de ces fraudes impliquent des criminels qui créent de faux profils en ligne sur des sites de rencontres et des sites de réseaux sociaux pour attirer des personnes dans des relations afin de leur soutirer de l’argent. …
Online romance scams are the most common and lucrative scam in Canada. Most of these scams involve criminals creating fake online profiles on dating sites and social networking sites to draw individuals into relationships to trick them out of money. Seven hundred sixty victims in Canada reported losses of more than $22.5 million to the …
Evidence based cybersecurity is an approach aiming to support security professionals’ and policy makers’ decision-making processes regarding the deployment of security policies and tools, by calling for rigorous scientific investigations of the effectiveness of these policies and tools in achieving their goals in the wild. This approach focuses on the human players who use cyberspace …
Les attaques de crypto-rançongiciels ont augmenté ces dernières années. Cette forme de maliciel brouille des données précieuses avec un cryptage pratiquement inébranlable et ne les libère qu’une fois la rançon payée. Il s’agit d’un changement important par rapport aux premières variantes des rançongiciels et cela a accru leur impact et la gravité globale de la …
In recent years, crypto-ransomware attacks have been on the rise. This form of malware scrambles valuable data with virtually unbreakable encryption and does not release it until a ransom is paid. This is a significant shift from early variants of ransomware and it has increased the impact of ransomware and the overall seriousness of the …
Much case has been made of the use of sophisticated anonymity tools by financial fraudsters that hack financial institutions and steal personal and financial information. Our past research has shown that these technologies were used to protect the fraudsters’ privacy and to facilitate their attacks against financial institutions. Our latest interactions and analysis of the …
Les chercheurs, les journalistes et les politiciens s’inquiètent des effets de la désinformation en ligne. Les fausses nouvelles et la désinformation en ligne ont été particulièrement médiatisées lors des élections américaines de 2016. Certains commentateurs ont même suggéré que la désinformation en ligne a joué un rôle décisif dans cette élection. Une enquête auprès des …
Researchers, journalists and politicians are concerned about the effects of online disinformation. Fake news and online disinformation were especially higlihted during the American 2016 election. Some commentators have even sug-gested that online disinformation played a deciding role in that election. A survey of Candian social media users reported that 41% of respondents have found links …
While dealing with interconnected and global risks, the cyber-insurance market is intensely growing. This market is a creature of privacy and data security regulations, and mandatory breach notifications have shaped its business model. Market stakeholders suggest that cyber-insurance provides incentives and resources to insured organizations for improving cybersecurity. This presentation seeks to empirically test this …