SBES

This project brings together computer scientists, social scientists, and other stakeholders in an attempt to integrate social sciences into the design of future cyber security mechanisms and systems. The workshop fosters the development of new models of and paradigms for cyber security, and will lead to the development of communities of researchers who today do not interact, but whose cooperative work is necessary for the development of cyber security mechanisms and systems.

Maintaining the security of one's systems and devices in a way that ensures the right balance between functionality, security, and convenience remains complicated for most people. For example, people are routinely asked by their systems whether to accept a security certificate, install an application, heed security warnings, or reconfigure operating-system security settings. While these examples represent situations in which people regularly find themselves, people rarely have any basis to make an informed decision or to establish one conveniently.

In this research controlled economics experiments are used to test the predictions of economic theories that hypothesize effective cybersecurity tradeoffs within an organization depends on both worker incentives and the structure of job duties. In these experiments a team of economists and cybersecurity experts are working together to design virtual world experiments that measure the impact of different incentive arrangements and job design on operational cybersecurity risks.

Unauthorized online behavior motivated by social, political, economic and cultural (SPEC) conflicts is increasing. However, research dealing with cyber-attacks has tended to be reactive and to focus on defense, instead of proactive and focused on the root psychological and social causes of such attacks. Despite considerable evidence that trust and distrust impact rule-following behaviors and obedience to the law, little research investigates the role of distrust in promoting unauthorized online behaviors.

Many recent security attacks are financially motivated. Understanding how attackers monetize their activities is critical to combine technological, legal, and economic intervention to render certain classes of attacks unprofitable, and disincentivize miscreants from considering them.