Welcome to the October edition of the RISCS Roundup. This is our new monthly online update which will showcase the latest activity from across all RISCS Projects.
RISCS has been a hive of activity over the summer months. Head over to the RISCS website to see our new pages on Events and Job Opportunities. The site now features job postings and highlights events across the Cyber Security Community, keeping you up to date with events held by each of the four Research Institutes as well as other relevant organisations.
RISCS Round-table Meeting Friday 22nd November 2019
We’ve also been working over the summer on future-proofing RISCS and responding to the exciting growth we’ve witnessed in our community over the past couple of years. We have developed a few initiatives that we think will achieve this and we had the opportunity to raise these at our Advisory Board meeting last week.
In order to benefit from a round of wider feedback we are hosting a round table to refine our ideas prior to implementation. We would welcome input and insights from any of our RISCS community members and we invite you to save the date of Friday 22nd November to attend a meeting in central London at which we will gather input. We will circulate a paper in advance so if you’re not able to attend, you may still forward your thoughts for consideration as we solidify these plans.
Spotlight on…Leveraging the Multi-Stakeholder Nature of Cyber Security
A summary of progress and achievements of 2019 for the project led by Professor Christian Wagner and team at the University of Nottingham
The initial public release of open source software to facilitate capture of interval-valued responses, ‘DECSYS’ (Discrete and Ellipse-based response Capture SYStem), was made at the end of June. Shortly afterwards, a presentation and demonstration of the capabilities of this software was given at our research partner’s institution, Carnegie Mellon University, Pittsburgh. A paper with the same purpose was also presented at the 2019 IEEE International Conference on Fuzzy Systems, in New Orleans. A second paper relating to the project was also presented at the same conference, ‘On Comparing and Selecting Approaches to Model Interval-Valued Data as Fuzzy Sets’.
A poster presentation was made at the MathPsych 2019 conference, to share empirical findings about the efficacy of the interval-valued response-format in capturing three classes of individual response uncertainty. Another paper, which investigated the added value provided by capturing uncertainty in expert ratings in the context of Cyber Security vulnerability assessments, was presented at the 14th International Conference on Critical Information Infrastructures Security (CRITIS). This won the Young CRITIS Award, for the best paper submitted by someone under the age of 35.
Two journal papers were also accepted this year focussing on the modelling and comparison of information (such as vulnerability assessments derived from experts) modelled as fuzzy sets. The first concerns the relationship between similarity measures and thresholds of statistical significance in the context of fuzzy sets, and is published in IEEE Transactions on Fuzzy Systems. The second concerns the selection of similarity measures for comparing type-2 fuzzy sets, and is published in Information Sciences.
Read more about Leveraging the Multi-Stakeholder Nature of Cyber Security here
RISCS Cyber Crime study features in the HMICFRS inspection report
The RISCS Cyber Crime study Victims of Computer Misuse Crime has featured in the HMICFRS inspection report, published last week. The University of Portsmouth, in a project led by Professor Mark Button, has conducted a depth study of victims of cyber-dependent crime. This includes both individual and SME victims of Computer Misuse Act 1990 offences. The research included 52 depth interviews with victims and a survey of 252 victims, among other strategies. The research explored a number of issues, such as the impact, the reasons for falling victim and the needs of the victims. The findings will be published before Christmas and highlight the significant impact these crimes have on victims, even when there is no financial loss, such as psychological and health impacts. The research also identifies a number of recommendations to better support such victims and to prevent these crimes more effectively. The study features on p70 of the inspection report.
Why Johnny Doesn’t Write Secure Software (PI Prof Awais Rashid)
Patnaik, N, Hallett, J & Rashid, A 2019, Usability Smells: An Analysis of Developers’ Struggle With Crypto Libraries. in Proceedings of the Fifteenth Symposium on Usable Privacy and Security. USENIX Association.
van der Linden, D, Hadar, I, Edwards, M & Rashid, A 2019, Data, data, everywhere: quantifying software developers’ privacy attitudes. in Proceedings of the 9th International Workshop on Socio-Technical Aspects in SecuriTy (STAST). Springer.
Find out more about the Why Johnny Doesn’t Write Secure Software project here
ACCEPT (PI Prof Shujun Li)
Tasmina Islam, Ingolf Becker, Rebecca Posner, Paul Ekblom, Michael McGuire, Hervé Borrion and Shujun Li, “A Socio-Technical and Co-Evolutionary Framework for Reducing Human-Related Risks in Cyber Security and Cybercrime Ecosystems,” accepted to DependSys 2019 (5th International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications), to be held from November 12-15, 2019 in Guangzhou, China, to be published in a volume of Communications in Computer and Information Science by Springer.
Find out more about the ACCEPT project here