Learning from early attempts to measure information security performance

Jing Zhang, Robin Berthier, Will Rhee, Michael Bailey, Partha Pal, Farnam Jahanian, William H. Sanders

Research output: Contribution to conferencePaperpeer-review

Abstract

The rapid evolution of threat ecosystems and the shifting focus of adversarial actions complicate efforts to assure security of an organization’s computer networks. Efforts to build a rigorous science of security, one consisting of sound and reproducible empirical evaluations, start with measures of these threats, their impacts, and the factors that influence both attackers and victims. In this study, we present a careful examination of the issue of account compromise at two large academic institutions. In particular, we evaluate different hypotheses that capture common perceptions about factors influencing victims (e.g., demographics, location, behavior) and about the effectiveness of mitigation efforts (e.g., policy, education). While we present specific and sometimes surprising results of this analysis at our institutions, our goal is to highlight the need for similar in-depth studies elsewhere.

Original languageEnglish (US)
StatePublished - 2012
Externally publishedYes
Event5th Workshop on Cyber Security Experimentation and Test, CSET 2012 - Bellevue, United States
Duration: Aug 6 2012 → …

Conference

Conference5th Workshop on Cyber Security Experimentation and Test, CSET 2012
Country/TerritoryUnited States
CityBellevue
Period8/6/12 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Learning from early attempts to measure information security performance'. Together they form a unique fingerprint.

Cite this