
Employment status and information security policy compliance

More and more companies have been increasing the flexibility of their labor force. However, labor forces with different employee positions within the organization bring different stakes and levels of commitment. This is particularly true of temporary employees, who have little reason to be committed to their organization. Complying with the security policies requires time and …

Interrogating Best Practices in Secure Operations and Development

Security operations and secure development are critical requirements that receive significant personnel, resources, training and other kinds of attention. As best practices proliferate, there has been little empirical research as to which are most effective and why. In this talk, I will review recent empirical studies that examine in depth the utility of threat modeling, …

Evidence Based Cybersecurity and its Relevance for Guiding Security Experts’, Law enforcement agencies’ and Policy Makers’ Efforts in Cyberspace

Evidence based cybersecurity is an approach aiming to support security professionals’ and policy makers’ decision-making processes regarding the deployment of security policies and tools, by calling for rigorous scientific investigations of the effectiveness of these policies and tools in achieving their goals in the wild. This approach focuses on the human players who use cyberspace …

The role of conformity to other users’ views regarding disinformation in social media

Researchers, journalists and politicians are concerned about the effects of online disinformation. Fake news and online disinformation were especially highlighted during the American 2016 election. Some commentators have even suggested that online disinformation played a deciding role in that election. A survey of Canadian social media users reported that 41% of respondents have found links …

Booting the booter

DoS (Denial of service) is an attack in which the perpetrator generates a large amount of traffic to overwhelm end-users or a web service and prevent some or all legitimate requests from being fulfilled. ‘Booter’ or ‘stresser’ services provide DoS attacks as-a-service. Booter operators can advertise their service and individuals can set up accounts and order …

Testing Internet of Toys

Internet-connected toys (IoToys) offer children opportunities to play and learn, and also educational support thanks to their interactive and personalized features. IoToys, like any other Internet of Things (IoT) devices, contain embedded electronics and computing elements, such as microphones, cameras, sensors of various kinds, which enable them to interact with users and adapt to their …

Smartwatch games: Encouraging privacy-protective behaviour

According to a report from the Office of the Privacy Commissioner of Canada, in 2018, 92% of Canadians expressed some level of concern regarding the protection of their privacy. However, some individuals frequently exhibit behaviour which places their data at risk. This disparity between claimed concern and practical action is called the Privacy Paradox. The …