• DocumentCode
    2718140
  • Title

    Measuring the human factor of cyber security

  • Author

    Bowen, Brian M. ; Devarajan, Ramaswamy ; Stolfo, Salvatore

  • fYear
    2011
  • fDate
    15-17 Nov. 2011
  • Firstpage
    230
  • Lastpage
    235
  • Abstract
    This paper investigates new methods to measure, quantify and evaluate the security posture of human organizations, especially within large corporations and government agencies. Computer security is not just about technology and systems. It is also about the people that use those systems and how their vulnerable behaviors can lead to exploitation. We focus on measuring enterprise-level susceptibility to phishing attacks. Results of experiments conducted at Columbia University and the system used to conduct the experiments are presented that show how the system can also be effective for training users. We include a description of follow-on work that has been proposed to DHS that aims to measure and improve the security posture of government departments and agencies, as well as for comparing security postures of individual agencies against one another.
  • Keywords
    business data processing; human factors; security of data; computer security; cyber security; enterprise-level susceptibility; government agencies; government department; human factor; human organization; large corporation; phishing attack; security posture; Educational institutions; Electronic mail; Measurement; Organizations; Security; Testing; Training;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Technologies for Homeland Security (HST), 2011 IEEE International Conference on
  • Conference_Location
    Waltham, MA
  • Print_ISBN
    978-1-4577-1375-0
  • Type

    conf

  • DOI
    10.1109/THS.2011.6107876
  • Filename
    6107876