Identifying risks, mitigating risks, communicating risks: Usable Security

Economics of information security bilbiography and list of events: Economics of Security

Public Service Announcements

The only place to order your free credit report is AnnualCreditReport.com. The other services will either charge you, or keep the information you have authorized them to view and resell it.

Video Risk Communication for Security Don’t quite get security? These should help. Security Awareness Videos for your use.

Network data showing Trump campaign interaction with Alfa Bank is available here at http://www.ljean.com/NetworkData.php for your information.


Why Aren’t Computers Secure?

The popularity of Fake AV and the efficacy of phishing are testament to the fact that human confusion is a one of the drivers in online risk. One of the challenges in security is that it is difficult for people to know if they are working with a secure system or facing a threat. For most people security and privacy are not distinct risks because what matters is that their information is compromised, not the mechanism of information exfiltration. Only the person trying to post anonymously knows the implications of loss of confidentiality or privacy: laughter, annoyance, embarrassment, loss of employment, and (in some cases) even imprisonment. In our research, we empower people to identify, mitigate, and avoid online risk.

Our research on computing risk requires first understanding the risk, using machine learning, statistical methods, network instrumentation, and homogenous communities as well as evaluations of specific protocols and devices. When risk can be identified, we mitigate by design as possible. Sometimes risks must be accepted in order for networks to work, just as risks must be accepted for cars to work. In that case we design systems that embed risk communication, so that people knowingly choose to take a risk to accept a benefit. We empower people to protect themselves, or not, by choosing or avoiding risk online. Please see publications on human-centered computing for the results of our work.

Research
My Information Security Economics general site.

My Human-Centered Security Project.

Risk On The Network, the IU component of the MACROSEC Project.

Ethical Technologies in the Homes of Seniors, ETHOS Project; and here is a video overview.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Office Hours
I have office hours only during the academic year. I am teaching in class and online in fall. My office hours are posted for my students.
901 E 10th St (Informatics)
Room 300
Mondays 15:00 - 18:00 pm
Or by appointment.