Cyber risk research impeded by disciplinary barriers

Falco, Gregory; Eling, Martin; Jablanski, Danielle; Weber, M.; Miller, Virginia L; Gordon, Lawrence A.; Wang, Shaun Shuxun; Schmit, Joan T.; Thomas, Russell; Elvedi, Mauro; Maillart, Thomas; Donavan, Emy; Dejung, Simon; Durand, Éric; Nutter, Franklin W.; Scheffer, Uzi; Arazi, Gil; Ohana, Gilbert; Lin, Herbert

doi:10.1126/science.aaz4795

Cited by 39 publications

(28 citation statements)

References 13 publications

(10 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…These diverse concerns mean that drawing researchers and practitioners from diverse disciplines is more likely to lead to success [73,35]. These HCAI systems will be well received if they go beyond statements about fairness, transparency, accountability, security, and privacy to support specific practices that raise human self-efficacy, encourage creativity, clarify responsibility, and facilitate social participation.…”

Section: Limitations Conclusion and Future Directionsmentioning

confidence: 99%

Bridging the Gap Between Ethics and Practice

Shneiderman

2020

ACM Trans. Interact. Intell. Syst.

279

View full text Add to dashboard Cite

This article attempts to bridge the gap between widely discussed ethical principles of Human-centered AI (HCAI) and practical steps for effective governance. Since HCAI systems are developed and implemented in multiple organizational structures, I propose 15 recommendations at three levels of governance: team, organization, and industry. The recommendations are intended to increase the reliability, safety, and trustworthiness of HCAI systems: (1) reliable systems based on sound software engineering practices, (2) safety culture through business management strategies, and (3) trustworthy certification by independent oversight. Software engineering practices within teams include audit trails to enable analysis of failures, software engineering workflows, verification and validation testing, bias testing to enhance fairness, and explainable user interfaces. The safety culture within organizations comes from management strategies that include leadership commitment to safety, hiring and training oriented to safety, extensive reporting of failures and near misses, internal review boards for problems and future plans, and alignment with industry standard practices. The trustworthiness certification comes from industry-wide efforts that include government interventions and regulation, accounting firms conducting external audits, insurance companies compensating for failures, nongovernmental and civil society organizations advancing design principles, and professional organizations and research institutes developing standards, policies, and novel ideas. The larger goal of effective governance is to limit the dangers and increase the benefits of HCAI to individuals, organizations, and society. CCS Concepts: • Computing methodologies → Philosophical/theoretical foundations of artificial intelligence; • Human-centered computing → HCI theory, concepts and models; • Software and its engineering → Software development process management;

show abstract

Section: Limitations Conclusion and Future Directionsmentioning

confidence: 99%

Bridging the Gap Between Ethics and Practice

Shneiderman

2020

ACM Trans. Interact. Intell. Syst.

279

View full text Add to dashboard Cite

show abstract

“…Sample period: N/A (7 months) Kamiya et al (2020) Conduct a comprehensive study that systematically evaluates both the likelihood and severity of data breaches as well as identifying the corresponding determinants. Sample period: 2005Sample period: -2017 Panel D: Cyber risk treatmentavoidance Falco et al (2019) Describe designing and using inherently secure systems as a type of risk avoidance. Sample period: N/A Toward the late 1990s, scholars from IT and other related disciplines eventually became aware of the lack of consistency and integrity in cataloging computer security risks and realized the need for a universal framework.…”

Section: Sample Period: N/amentioning

confidence: 99%

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

Self Cite

View full text Add to dashboard Cite

Cybersecurity research started in the late 1960s and has continuously evolved under different names such as computer security and information security. This article briefly covers that history but will especially focus on the latest incarnation known as "cyber risk management," which includes both technical and economic/management dimensions. The main focus of the article is to review research on individual steps of the cyber risk management process and on the overall process to highlight gaps and determine research directions. Two main findings are that cyber risk is difficult to include in the overall enterprise risk management process and that a move toward cyber resilience is necessary to deal with such a complex risk. Both findings require a level of interdisciplinary collaboration that is currently lacking.

show abstract

“…For example, research has shown that students have little understanding of agreed‐upon definitions in environmental and geographic education 9 and evolutionary biology 10 . Finally, definitional ambiguity in cybersecurity has recently been identified as one of the problems preventing the effective benchmarking of security across and within organizations 11 . In short, understanding definitional contexts is critical to effective STEM instruction 12,13 …”

Section: Introductionmentioning

confidence: 99%

“…10 Finally, definitional ambiguity in cybersecurity has recently been identified as one of the problems preventing the effective benchmarking of security across and within organizations. 11 In short, understanding definitional contexts is critical to effective STEM instruction. 12,13 Although bioinformatics is frequently described in the literature, to the best of our knowledge, only two definitions of the field have been formally proposed (Table 1).…”

Section: Introductionmentioning

confidence: 99%

An instructional definition and assessment rubric for bioinformatics instruction

Tapprich

Reichart

Simon

et al. 2020

Biochem Molecular Bio Educ

View full text Add to dashboard Cite

The lack of an instructional definition of bioinformatics delays its effective integration into biology coursework. Using an iterative process, our team of biologists, a mathematician/computer scientist, and a bioinformatician together with an educational evaluation and assessment specialist, developed an instructional definition of the discipline: Bioinformatics is “an interdisciplinary field that is concerned with the development and application of algorithms that analyze biological data to investigate the structure and function of biological polymers and their relationships to living systems.” The field is defined in terms of its two primary foundational disciplines, biology and computer science, and its interdisciplinary nature. At the same time, we also created a rubric for assessing open‐ended responses to a prompt about what bioinformatics is and how it is used. The rubric has been shown to be reliable in successive rounds of testing using both common percent agreement (89.7%) and intraclass correlation coefficient (0.620) calculations. We offer the definition and rubric to life sciences instructors to help further integrate bioinformatics into biology instruction, as well as for fostering further educational research projects.

show abstract

Cyber risk research impeded by disciplinary barriers

Cited by 39 publications

References 13 publications

Bridging the Gap Between Ethics and Practice

Bridging the Gap Between Ethics and Practice

Cyber risk management: History and future research directions

An instructional definition and assessment rubric for bioinformatics instruction

Contact Info

Product

Resources

About