Protecting a whale in a sea of phish

2020, Vol 35 (3), pp. 214-231
Author(s): Daniel Pienta, Jason Bennett Thatcher, Allen Johnston

Whaling is one of the most financially damaging, well-known, effective cyberattacks employed by sophisticated cybercriminals. Although whaling largely consists of sending a simplistic email message to a whale (i.e. a high-value target in an organization), it can result in large payoffs for cybercriminals, in terms of money or data stolen from organizations. While a legitimate cybersecurity threat, little information security research has directed attention toward whaling. In this study, we begin to provide an initial understanding of what makes whaling such a pernicious problem for organizations, executives, or celebrities (e.g. whales), and those charged with protecting them. We do this by defining whaling, delineating it from general phishing and spear phishing, presenting real-world cases of whaling, and providing guidance on future information security research on whaling. We find that whaling is far more complex than general phishing and spear phishing, spans multiple domains (e.g. work and personal), and potentially results in spillover effects that ripple across the organization. We conclude with a discussion of promising future directions for whaling and information security research.

2013, Vol 32, pp. 90-101
Author(s): Robert E. Crossler, Allen C. Johnston, Paul Benjamin Lowry, Qing Hu, Merrill Warkentin, ...

2021, Vol 54 (6), pp. 1-35
Author(s): Ninareh Mehrabi, Fred Morstatter, Nripsuta Saxena, Kristina Lerman, Aram Galstyan

With the widespread use of artificial intelligence (AI) systems and applications in our everyday lives, accounting for fairness has gained significant importance in the design and engineering of such systems. AI systems can be used in many sensitive environments to make important and life-changing decisions; thus, it is crucial to ensure that these decisions do not reflect discriminatory behavior toward certain groups or populations. More recently, some work has been developed in traditional machine learning and deep learning that addresses such challenges in different subdomains. With the commercialization of these systems, researchers are becoming more aware of the biases that these applications can contain and are attempting to address them. In this survey, we investigated different real-world applications that have shown biases in various ways, and we listed different sources of biases that can affect AI applications. We then created a taxonomy for fairness definitions that machine learning researchers have defined to avoid the existing bias in AI systems. In addition to that, we examined different domains and subdomains in AI showing what researchers have observed with regard to unfair outcomes in the state-of-the-art methods and ways they have tried to address them. There are still many future directions and solutions that can be taken to mitigate the problem of bias in AI systems. We are hoping that this survey will motivate researchers to tackle these issues in the near future by observing existing work in their respective fields.


2013, Vol 457-458, pp. 1224-1227
Author(s): Jian Feng Hu, Zhen Dong Mu

Mobile equipment has now become a new platform for information exchange and handles a great deal of it, which raises the question of how to effectively protect information security on the mobile platform. Research has shown that the EEG signal can be used as an identification tool that protects the user's information well. This paper studies how to use EEG to protect the information security of mobile devices; the EEG signal is feasible for mobile equipment identification.


Author(s): Ch. Himabindu

The availability of realistic network data plays a significant role in fostering collaboration and ensuring U.S. technical leadership in network security research. Unfortunately, a host of technical, legal, policy, and privacy issues limit the ability of operators to produce datasets for information security testing. In an effort to help overcome these limitations, several data collection efforts (e.g., CRAWDAD [14], PREDICT [34]) have been established in the past few years. The key principle used in all of these efforts to assure low-risk, high-value data is that of trace anonymization—the process of sanitizing data before release so that potentially sensitive information cannot be extracted.


2021, Vol 1 (3), pp. 470-495
Author(s): Md Shopon, Sanjida Nasreen Tumpa, Yajurv Bhatia, K. N. Pavan Kumar, Marina L. Gavrilova

Biometric de-identification is an emerging topic of research within the information security domain that integrates privacy considerations with biometric system development. A comprehensive overview of research in the context of authentication applications spanning physiological, behavioral, and social-behavioral biometric systems and their privacy considerations is discussed. Three categories of biometric de-identification are introduced, namely complete de-identification, auxiliary biometric preserving de-identification, and traditional biometric preserving de-identification. An overview of biometric de-identification in emerging domains such as sensor-based biometrics, social behavioral biometrics, psychological user profile identification, and aesthetic-based biometrics is presented. The article concludes with open questions and provides a rich avenue for subsequent explorations of biometric de-identification in the context of information privacy.


2018, Vol 26 (3), pp. 327-337
Author(s): Debi Ashenden

Purpose: The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research. Design/methodology/approach: The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey. Findings: The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought that the organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks. Research limitations/implications: The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation. Originality/value: The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.


2015, pp. 689-715
Author(s): Alan W. Brown

In enterprise software delivery, the pursuit of software quality takes place in the context of a fundamental paradox: balancing the flexibility that drives speed of delivery with the rigor required to verify that what is being delivered is complete, correct, and appropriate for its intended use. One common approach to address this concern is to create “software testing factories” with the aim of increasing testing efficiency by standardizing and speeding up delivery of testing services. To achieve this balance, software testing factories are turning to cloud-based infrastructures as an essential delivery approach. Cloud technology exhibits characteristics that make adoption of software testing factories particularly attractive: elasticity of resources, ease of deployment, and flexible pricing. In this chapter, the author examines the role and structure of software testing factories and their realization using cloud technology, illustrates those concepts using real world examples, and concludes with some observations and a discussion on future directions.


Author(s): Bruce H. Thomas

Entertainment systems are one of the successful utilisations of augmented reality technologies in real world applications. This chapter provides my personal insights into the future directions of the use of augmented reality with gaming applications. This chapter explores a number of advances in technologies that may enhance augmented reality gaming. The features for both indoor and outdoor augmented reality are examined in the context of their desired attributes for the gaming community. A set of concept games for outdoor augmented reality is presented to highlight novel features of this technology.

