Automating the Communication of Cybersecurity Knowledge: Multi-Case Study

• URL: http://arxiv.org/abs/2007.07602v2
• Date: Mon, 11 Oct 2021 17:00:17 GMT
• Title: Automating the Communication of Cybersecurity Knowledge: Multi-Case Study
• Authors: Alireza Shojaifar, Samuel A. Fricker, Martin Gwerder
• Abstract summary: This paper explores an alternative do-it-yourself (DIY) approach to bringing cybersecurity to small businesses. Our method implements the Self-Determination Theory (SDT) guide and motivate to adopt good cybersecurity practices. The results of this study indicate that automated counselling can help many SMB in security adoption.
• Score: 1.138723572165938
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Cybersecurity is essential for the protection of companies against cyber threats. Traditionally, cybersecurity experts assess and improve a company's capabilities. However, many small and medium-sized businesses (SMBs) consider such services not to be affordable. We explore an alternative do-it-yourself (DIY) approach to bringing cybersecurity to SMBs. Our method and tool, CYSEC, implements the Self-Determination Theory (SDT) to guide and motivate SMBs to adopt good cybersecurity practices. CYSEC uses assessment questions and recommendations to communicate cybersecurity knowledge to the end-user SMBs and encourage self-motivated change. In this paper, the operationalisation of SDT in CYSEC is presented and the results of a multi-case study shown that offer insight into how SMBs adopted cybersecurity practices with CYSEC. Effective automated cybersecurity communication depended on the SMB's hands-on skills, tools adaptedness, and the users' willingness to documenting confidential information. The SMBs wanted to learn in simple, incremental steps, allowing them to understand what they do. An SMB's motivation to improve security depended on the fitness of assessment questions and recommendations with the SMB's business model and IT infrastructure. The results of this study indicate that automated counselling can help many SMBs in security adoption. The final publication is available at Springer via https://link.springer.com/chapter/10.1007%2F978-3-030-59291-2_8

Related papers

• Countering Autonomous Cyber Threats [40.00865970939829]
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
  arXiv  Detail & Related papers  (2024-10-23T22:46:44Z)
• Cybersecurity as a Service [0.43981305860983705]
  This chapter gives an overview of common cybersecurity as a service functions and their providers. It provides guidance especially for small- and medium-sized businesses, for asking the appropriate questions when it comes to the selection of a specific MSSP.
  arXiv  Detail & Related papers  (2024-02-21T17:49:53Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• Purple Llama CyberSecEval: A Secure Coding Benchmark for Language Models [41.068780235482514]
  This paper presents CyberSecEval, a comprehensive benchmark developed to help bolster the cybersecurity of Large Language Models (LLMs) employed as coding assistants. CyberSecEval provides a thorough evaluation of LLMs in two crucial security domains: their propensity to generate insecure code and their level of compliance when asked to assist in cyberattacks.
  arXiv  Detail & Related papers  (2023-12-07T22:07:54Z)
• SECAdvisor: a Tool for Cybersecurity Planning using Economic Models [0.587978226098469]
  Lack of investments and perverse economic incentives are the root cause of cyberattacks. This article introduces SECAdvisor, a tool to support cybersecurity planning using economic models.
  arXiv  Detail & Related papers  (2023-04-16T22:31:50Z)
• Graph Mining for Cybersecurity: A Survey [61.505995908021525]
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
  arXiv  Detail & Related papers  (2023-04-02T08:43:03Z)
• A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
  SecurityKG is a system for automated OSCTI gathering and management. It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
  arXiv  Detail & Related papers  (2021-01-19T18:31:35Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• SMEs Confidentiality Issues and Adoption of Good Cybersecurity Practices [0.0]
  Small and medium-sized enterprises (SME) are considered more vulnerable to cyber-attacks. We are designing a do-it-yourself (DIY) security assessment and capability improvement method, CYSEC. In this paper, we explore the importance of dynamic consent and its effect on SMEs trust perception and sharing information.
  arXiv  Detail & Related papers  (2020-07-16T09:24:51Z)
• Elicitation of SME Requirements for Cybersecurity Solutions by Studying Adherence to Recommendations [1.138723572165938]
  Small and medium-sized enterprises (SME) have become the weak spot of our economy for cyber attacks. One of the reasons for why many SME do not adopt cybersecurity is that developers of cybersecurity solutions understand little the SME context. This poster describes the challenges of SME regarding cybersecurity and introduces our proposed approach to elicit requirements for cybersecurity solutions.
  arXiv  Detail & Related papers  (2020-07-16T08:36:40Z)
• SMEs' Confidentiality Concerns for Security Information Sharing [1.3452510519858993]
  Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing.
  arXiv  Detail & Related papers  (2020-07-13T10:59:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.