Assessing the Insider: dis/engaged hero or armed villain
Lead Research Organisation:
University College London
Department Name: Computer Science
Abstract
This work aims to explore human factors by understanding engagement, and what the
barriers to engagement might be, and what they mean for cybersecurity behaviour. Engagement
can involve communications campaigns which aim to influence behaviour change but
engagement can also relate to the relationship between the employer and the
employee, and the degree of commitment, trust, loyalty, psychological contract and
moral disengagement that may be playing a part in the development (or absence) of
cybersecurity behaviour.
We can't assume that given the appropriate tools and knowledge that people will
engage and adopt conducive cybersecurity behaviour just because they are asked to.
This work explores the hidden depths psychologically-speaking, to better understand
human factors and how they relate to cybersecurity, and the most effective ways of
stimulating long-term behaviour change through cybersecurity awareness campaigns.
So far, evaluation of awareness campaigns have centred around social media statistics,
which is not helpful when trying to understand actual impact and behaviour change.
This work also looks deeply into Insider Threat and aims to develop preventative tools
with the use of metrics that serve to identify insider risk at an early stage. This is useful
to all organisations, but particularly security services who have a graver need to hire
and retain talent that will remain committed and morally engaged to protecting the
nation and its infrastructure.
In this way, this work aims to develop ways to advance and promote interventions that
help to create a secure and thriving environment in the face of constant threat of cyberattack
and espionage.
barriers to engagement might be, and what they mean for cybersecurity behaviour. Engagement
can involve communications campaigns which aim to influence behaviour change but
engagement can also relate to the relationship between the employer and the
employee, and the degree of commitment, trust, loyalty, psychological contract and
moral disengagement that may be playing a part in the development (or absence) of
cybersecurity behaviour.
We can't assume that given the appropriate tools and knowledge that people will
engage and adopt conducive cybersecurity behaviour just because they are asked to.
This work explores the hidden depths psychologically-speaking, to better understand
human factors and how they relate to cybersecurity, and the most effective ways of
stimulating long-term behaviour change through cybersecurity awareness campaigns.
So far, evaluation of awareness campaigns have centred around social media statistics,
which is not helpful when trying to understand actual impact and behaviour change.
This work also looks deeply into Insider Threat and aims to develop preventative tools
with the use of metrics that serve to identify insider risk at an early stage. This is useful
to all organisations, but particularly security services who have a graver need to hire
and retain talent that will remain committed and morally engaged to protecting the
nation and its infrastructure.
In this way, this work aims to develop ways to advance and promote interventions that
help to create a secure and thriving environment in the face of constant threat of cyberattack
and espionage.
Planned Impact
The EPSRC Centre for Doctoral Training in Cybersecurity will train over 55 experts in multi-disciplinary aspects of cybersecurity, from engineering to crime science and public policy.
Short term impacts are associated with the research outputs of the 55+ research projects that will be undertaken as part of the doctoral studies of CDT students. Each project will tackle an important cybersecurity problem, propose and evaluate solutions, interventions and policy options. Students will publish those in international peer-reviewed journals, but also disseminate those through blog posts and material geared towards decision makers and experts in adjacent fields. Through industry placements relating to their projects, all students will have the opportunity to implement and evaluate their ideas within real-world organizations, to achieve short term impact in solving cybersecurity problems.
In the longer term graduates of the CDT will assume leading positions within industry, goverment, law enforcement, the third sector and academia to increase the capacity of the UK in being a leader in cybersecurity. From those leadership positions they will assess options and formulate effective interventions to tackle cybercrime, secure the UK's infrastructure, establish norms of cooperation between industries and government to secure IT systems, and become leading researcher and scholars further increasing the UK's capacity in cybersecurity in the years to come. The last impact is likely to be significant give that currently many higher education training programs do not have capacity to provide cybersecurity training at undergraduate or graduate levels, particularly in non-technical fields.
The full details of our plan to achieve impact can be found in the "Pathways to Impact" document.
Short term impacts are associated with the research outputs of the 55+ research projects that will be undertaken as part of the doctoral studies of CDT students. Each project will tackle an important cybersecurity problem, propose and evaluate solutions, interventions and policy options. Students will publish those in international peer-reviewed journals, but also disseminate those through blog posts and material geared towards decision makers and experts in adjacent fields. Through industry placements relating to their projects, all students will have the opportunity to implement and evaluate their ideas within real-world organizations, to achieve short term impact in solving cybersecurity problems.
In the longer term graduates of the CDT will assume leading positions within industry, goverment, law enforcement, the third sector and academia to increase the capacity of the UK in being a leader in cybersecurity. From those leadership positions they will assess options and formulate effective interventions to tackle cybercrime, secure the UK's infrastructure, establish norms of cooperation between industries and government to secure IT systems, and become leading researcher and scholars further increasing the UK's capacity in cybersecurity in the years to come. The last impact is likely to be significant give that currently many higher education training programs do not have capacity to provide cybersecurity training at undergraduate or graduate levels, particularly in non-technical fields.
The full details of our plan to achieve impact can be found in the "Pathways to Impact" document.
Organisations
People |
ORCID iD |
| Ingolf Becker (Primary Supervisor) | |
| Nadine Michaelides (Student) |
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/S022503/1 | 01/04/2019 | 23/11/2028 | |||
| 2574858 | Studentship | EP/S022503/1 | 01/10/2021 | 30/09/2025 | Nadine Michaelides |