Cyber Security as Social Experiment

Pieters, Wolter; Hadžiosmanović, Dina; Dechesne, Francien

doi:10.1145/2683467.2683469

Cited by 7 publications

(7 citation statements)

References 36 publications

(35 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…QADTs do not take into account the dynamic nature of the system and its dependencies, which can lead to incorrect risk assessments Pieters et al (2014) Proposes a framework for security risk analysis using "attacker profiles" to model different attack scenarios. Introduces the attacker profile library, the attack navigator, and the attack simulator.…”

Section: Kordy Et Al (2013b)mentioning

confidence: 99%

A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees

Rana,

Gupta,

Gupta

2024

Front. Comput. Sci.

View full text Add to dashboard Cite

Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of different threat modeling methods and risk assessment approaches in organizational networks. The article also presents a novel comprehensive approach for quantifying risk assessment of organizational networks based on attack trees modified according to the factor analysis of information risk (FAIR) approach. Our results demonstrate the effectiveness of the novel approach in capturing the unique characteristics of different assets and their dependencies in an attack tree, leading to quantitative risk assessment.

show abstract

Section: Kordy Et Al (2013b)mentioning

confidence: 99%

A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees

Rana,

Gupta,

Gupta

2024

Front. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…A lot of different security models have been suggested to deal with the unique problems that come up when trying to keep cloud computer settings safe. The Cloud Security Alliance (CSA) Security [3] Guidance is one of these frameworks. It gives a complete list of best practices for protecting various parts of cloud settings, such as data security, identification and access control, and compliance.…”

Section: Literature Reviewmentioning

confidence: 99%

Designing a Robust Security Framework for Safeguarding Cloud Computing Environments in the Age of Cyber Threats

Pathak,

Shankar

2023

RJCSE

View full text Add to dashboard Cite

As online threats grow, it is very important to keep cloud computer settings safe. This paper suggests a complete security system that will keep cloud platforms and data safe from different threats. To make a multi-layered defense system, the framework combines a number of important parts, such as encryption methods, access control systems, and intruder detection systems. Strong encryption methods, like AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman), are at the heart of the system. They protect the privacy and security of data. Strong key management techniques go along with these methods to keep encryption keys safe and stop people from getting in without permission. Based on the principle of least privilege, access control methods are very important for making sure that only the right people can use resources. Tough access rules are put in place with role-based access control (RBAC) and attribute-based access control (ABAC). In addition, the framework has an intrusion detection system (IDS) that constantly checks cloud settings for any strange activity. Machine learning techniques are used by the IDS to find and stop possible threats in real time. This security strategy covers all aspects of protecting cloud computing settings and adapts to the changing nature of cyber dangers. By using this framework, businesses can make their cloud systems safer and keep private data safe from threats and people who aren't supposed to see it.

show abstract

“…Given this definition of adversarial risk, how can we leverage the understanding of this type of risk in studies that conceive of the introduction of new technology into society as a social experiment? In the cyber security domain, understanding the adversarial aspects of new technologies as social experiments is key (Dechesne, Hadžiosmanović and Pieters 2014;Pieters, Hadžiosmanović and Dechesne 2014;. Dechesne, Hadžiosmanović and Pieters (2014) discuss this for the case of smart electricity pilots in the Netherlands.…”

Section: Adversarial Risks In Social Experimentsmentioning

confidence: 99%

“…In the cyber security domain, understanding the adversarial aspects of new technologies as social experiments is essential, because of the societal damage associated with cyber attackers and attacks enabled by new technologies (Pieters, Hadžiosmanović and Dechesne 2014;. In this chapter, we extend this analysis by developing a typology of adversarial risks in social experiments.…”

Section: Introductionmentioning

confidence: 99%

Adversarial risks in social experiments with new technologies

Pieters¹,

Dechesne²

2017

New Perspectives on Technology in Society

View full text Add to dashboard Cite

Studies that approach the deployment of new technologies as social experiments have mostly focused on unintentional effects, notably safety. We argue for the inclusion of adversarial risks or security aspects that are the result of intentional, strategic behavior of actors, who aim at using the technology for their own purposes. Examples include cybercrime and terrorist use of materials obtained from nuclear facilities. Our general question is how the approach of new technologies as social experiments can be adapted or extended to account for such aspects. To this end, we re-interpret adversarial risks in social experiments in terms of actor-network theory, highlighting how intentional actions involving new technologies are different from unintentional events, by focusing on how actors form new networks with new technologies (composition), thus enabling new programs of action (translation). We also derive a typology of ways in which intentional (mis)use of new technologies creates risks, using the Bitcoin distributed currency as an example. Both contribute to conceptualizing adversarial risks in social experiments, as well as laying bare options for learning about adversarial risks during such experiments.

show abstract

Cyber Security as Social Experiment

Cited by 7 publications

References 36 publications

A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees

A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees

Designing a Robust Security Framework for Safeguarding Cloud Computing Environments in the Age of Cyber Threats

Adversarial risks in social experiments with new technologies

Contact Info

Product

Resources

About