cybersecurity

Cybersecurity in the Icelandic Multiverse

Photo of Megan McGrath presenting at EPIC2022. Projected slide says "Building a Strategic Multiverse"
MEGHAN MCGRATH IBM “Security in cyber space should be one of the main cornerstones of economic prosperity in Iceland, resting on a foundation of sophisticated awareness of security issues and legislation.” —Icelandic National Cyber Security Strategy Iceland makes a unique case study for cybersecurity in that it ranks among the world’s most connected nations as well as among the highest for social trust. Data that elsewhere is considered sensitive is shared freely by individuals and businesses. As a result, technology built in places with different cybersecurity paradigms may not function as intended in an Icelandic context. This work, undertaken with undergraduate and graduate students from the University of Iceland’s Computer Science department, employed ethnographic methods in a classroom setting to build cybersecurity awareness with a special emphasis on culture and to engage the broader community in conversations about security from local perspectives. This work lends itself well to multinational enterprise...

Bringing the Security Analyst into the Loop: From Human-Computer Interaction to Human-Computer Collaboration

LIZ ROGERS IBM Security This case study examines how one Artificial Intelligence (AI) security software team made the decision to abandon a core feature of the product – an interactive Knowledge Graph visualization deemed by prospective buyers as “cool,” “impressive,” and “complex” – in favor of one that its users – security analysts – found easier to use and interpret. Guided by the results of ethnographic and user research, the QRadar Advisor with Watson team created a new knowledge graph (KG) visualization more aligned with how security analysts actually investigate potential security threats than evocative of AI and “the way that the internet works.” This new feature will be released in Q1 2020 by IBM and has been adopted as a component in IBM’s open-source design system. In addition, it is currently being reviewed by IBM as a patent application submission. The commitment of IBM and the team to replace a foundational AI component with one that better aligns to the mental models and practices of its...

People, the Weak Link in Cyber-security: Can Ethnography Bridge the Gap?

SUSAN SQUIRES University of North Texas MOLLY SHADE University of North Texas Information Technology (IT) professionals are racing to keep up with cyber-security threats in the workplace. But, as any cyber-security expert will tell you, security technology is only as good as the people who use it. And, people are a mystery to most cyber-security professionals making them the weak link for security interventions in organizations. To broadly impact current cyber-security awareness, interventions and education, it is crucial to understand how security is understood and applied by the users of technology. Thus, it is no surprise that more and more cyber-security studies are focusing on the individual employee to understand computer-user risk mediation. However, users and their actions do not exist in a vacuum, and their perceptions and subsequent behaviors regarding security risk are shaped by a vast array of beliefs, social relations and workplace practices. This paper reports on a fresh theoretical approach to cyber-security as a group...