TY - CONF
T1 - Learning from early attempts to measure information security performance
AU - Zhang, Jing
AU - Berthier, Robin
AU - Rhee, Will
AU - Bailey, Michael
AU - Pal, Partha
AU - Jahanian, Farnam
AU - Sanders, William H.
N1 - Funding Information:
This project has been sponsored at UIUC by the Air Force Research Laboratory (AFRL), and we are grateful for the support of Patrick Hurley. This work was supported at UofM in part by the Department of Homeland Security (DHS) under contract number NBCHC080037; the National Science Foundation (NSF) under contract numbers CNS 1111699, CNS 091639, CNS 08311174, and CNS 0751116; and the Department of the Navy under contract N000.14-09-1-1042. This material was based in part on work supported by the National Science Foundation, while working at the Foundation. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
Publisher Copyright:
© 2012 USENIX Association. All rights reserved.
PY - 2012
Y1 - 2012
N2 - The rapid evolution of threat ecosystems and the shifting focus of adversarial actions complicate efforts to assure security of an organization’s computer networks. Efforts to build a rigorous science of security, one consisting of sound and reproducible empirical evaluations, start with measures of these threats, their impacts, and the factors that influence both attackers and victims. In this study, we present a careful examination of the issue of account compromise at two large academic institutions. In particular, we evaluate different hypotheses that capture common perceptions about factors influencing victims (e.g., demographics, location, behavior) and about the effectiveness of mitigation efforts (e.g., policy, education). While we present specific and sometimes surprising results of this analysis at our institutions, our goal is to highlight the need for similar in-depth studies elsewhere.
UR - http://www.scopus.com/inward/record.url?scp=85084159833&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084159833&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:85084159833
T2 - 5th Workshop on Cyber Security Experimentation and Test, CSET 2012
Y2 - 6 August 2012
ER -