A refinement to the general mechanistic account

Hatleback, Eric; Spring, Jonathan M.

doi:10.1007/s13194-018-0237-1

Cited by 3 publications

(8 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There must be capacity to tailor controls to match the specificity of negative behaviour controls and features which facilitate positive behaviours. The work of Hatleback and Spring [44], and Chua et al [17], are steps toward shared terminology to navigate between prevention and preservation of behaviours.…”

Section: Discussionmentioning

confidence: 99%

“…For our purposes, this is directly addressed by adopting the mechanistic approach to cybersecurity described by Hatleback and Spring [44]. With this, a behaviour can be an indexed entity, as a file or data, but also exist as an activity in a system, producing a visible phenomenon.…”

Section: Prevention and Preservation Of Behavioursmentioning

confidence: 99%

“…Address linkages between negative and positive behaviours and/or controls. Controls are engineered mechanisms [44] -it may be assumed but is not always assured that a control precisely addresses only the entity or activity it is intended to act upon. This means there is scope to address linkages.…”

Section: Identifying Lack Of Precision In Risk Controlsmentioning

confidence: 99%

See 2 more Smart Citations

Refining the Blunt Instruments of Cybersecurity: A Framework to Coordinate Prevention and Preservation of Behaviours

Parkin

Chua

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Background. Cybersecurity controls are deployed to manage risks posed by malicious behaviours or systems. What is not often considered or articulated is how cybersecurity controls may impact legitimate users (often those whose use of a managed system needs to be protected, and preserved). This characterises the 'blunt' nature of many cybersecurity controls. Aim. Here we present a synthesis of methods from cybercrime opportunity reduction and behaviour change. Method. We illustrate the method and principles with a range of examples and a case study focusing on online abuse and social media controls, relating in turn to issues inherent in cyberbullying and tech-abuse. Results. The framework describes a capacity to improve the precision of cybersecurity controls, identifying opportunities for risk owners to better protect legitimate users while simultaneously acting to prevent malicious activity in a managed system. Conclusions. We describe capabilities for a novel approach to managing sociotechnical cyber-risk, which can be integrated into typical risk management processes, to allow for side-by-side consideration of efforts to prevent and preserve different behaviours in a system, by examining their shared determinants.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Prevention and Preservation Of Behavioursmentioning

confidence: 99%

See 1 more Smart Citation

Refining the Blunt Instruments of Cybersecurity: A Framework to Coordinate Prevention and Preservation of Behaviours

Parkin

Chua

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…To address this shortcoming, we adopt a mechanistic approach similar to that described by Hatleback and Spring [57]. With this, a behaviour can be an indexed entity, as a file or data, but also exist as an activity in a system, producing a visible phenomenon.…”

Section: Condition Three: Dependencies Between Assets and Legitimate ...mentioning

confidence: 99%

“…A foundation for precision in sociotechnical security controls extends the definition of an asset to acknowledge the activities of users that contribute to the asset. This adapts the definition of indexed entities [57] to acknowledge the connection between the entity and the activity -that the activity causes changes to the entity (the data asset) -and that these changes are the phenomena that a cyber-risk owner can see. This relates (positive and negative) real-world behaviours to the identifiable data and IT systems which are subject to the decisions of a cyber-risk owner.…”

Section: Parkin and Yt Chua / Cyber-risk Framework For Coordination O...mentioning

confidence: 99%

A cyber-risk framework for coordination of the prevention and preservation of behaviours1

Parkin

Chua

2022

JCS

View full text Add to dashboard Cite

Cybersecurity controls are deployed to manage risks posed by malicious behaviours or systems. What is not often considered or articulated is how cybersecurity controls may impact legitimate users (often those whose use of a managed system needs to be protected, and preserved). This oversight characterises the ‘blunt’ nature of many cybersecurity controls. Here we present a framework produced from consideration of concerns across methods from cybercrime opportunity reduction and behaviour change, and existing risk management guidelines. We illustrate the framework and its principles with a range of examples and potential applications, including management of suspicious emails in organizations, and social media controls. The framework describes a capacity to improve the precision of cybersecurity controls by examining shared determinants of negative and positive behaviours in a system. This identifies opportunities for risk owners to better protect legitimate users while simultaneously acting to prevent malicious activity in a managed system. We describe capabilities for a novel approach to managing sociotechnical cyber risk which can be integrated alongside elements of typical risk management processes. This includes consideration of user activities as a system asset to protect, and a consideration of how to engage with other stakeholders in the identification of behaviours to preserve in a system.

show abstract

On Malfunction, Mechanisms and Malware Classification

2018

Self Cite

View full text Add to dashboard Cite

Malware has been around since the 1980s and is a large and expensive security concern today, constantly growing over the past years. As our social, professional and financial lives become more digitalized, they present larger and more profitable targets for malware. The problem of classifying and preventing malware is therefore urgent and it is complicated by the existence of several specific approaches. In this paper, we use an existing malware taxonomy to formulate a general, language independent functional description of malware as transformers between states of the host system and described by a trust relation with its components. This description is then further generalised in terms of mechanisms, thereby contributing to a general understanding of malware. The aim is to use the latter in order to present an improved classification method for malware.

show abstract

A refinement to the general mechanistic account

Cited by 3 publications

References 27 publications

Refining the Blunt Instruments of Cybersecurity: A Framework to Coordinate Prevention and Preservation of Behaviours

Refining the Blunt Instruments of Cybersecurity: A Framework to Coordinate Prevention and Preservation of Behaviours

A cyber-risk framework for coordination of the prevention and preservation of behaviours1

On Malfunction, Mechanisms and Malware Classification

Contact Info

Product

Resources

About