Measuring Security Practices and How They Impact Security

Cited by: 7
Authors
DeKoven, Louis F. [1 ]
Randall, Audrey [1 ]
Mirian, Ariana [1 ]
Akiwate, Gautam [1 ]
Blume, Ansel [1 ]
Saul, Lawrence K. [1 ]
Schulman, Aaron [1 ]
Voelker, Geoffrey M. [1 ]
Savage, Stefan [1 ]
Affiliation
[1] Univ Calif San Diego, La Jolla, CA 92093 USA
Keywords
DOI
10.1145/3355369.3355571
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812 ;
Abstract
Security is a discipline that places significant expectations on lay users. Thus, there are a wide array of technologies and behaviors that we exhort end users to adopt and thereby reduce their security risk. However, the adoption of these "best practices" - ranging from the use of antivirus products to actively keeping software updated - is not well understood, nor is their practical impact on security risk well-established. This paper explores both of these issues via a large-scale empirical measurement study covering approximately 15,000 computers over six months. We use passive monitoring to infer and characterize the prevalence of various security practices in situ as well as a range of other potentially security-relevant behaviors. We then explore the extent to which differences in key security behaviors impact real-world outcomes (i.e., that a device shows clear evidence of having been compromised).
Pages: 36 / 49
Number of pages: 14
Related papers
50 items in total
  • [1] Measuring Security Practices
    DeKoven, Louis F.
    Randall, Audrey
    Mirian, Ariana
    Akiwate, Gautam
    Blume, Ansel
    Saul, Lawrence K.
    Schulman, Aaron
    Voelker, Geoffrey M.
    Savage, Stefan
    [J]. COMMUNICATIONS OF THE ACM, 2022, 65 (09) : 93 - 102
  • [2] Measuring user satisfaction with information security practices
    Zimmermann Montesdioca, Gustavo Percio
    Gastaud Magada, Antonio Carlos
    [J]. COMPUTERS & SECURITY, 2015, 48 : 267 - 280
  • [3] How to design a method for measuring IT security in micro enterprises for IT security level measuring? A literature analysis
    Heidenreich, Michael
    [J]. 2017 COMMUNICATION AND INFORMATION TECHNOLOGIES (KIT), 2017, : 47 - 55
  • [4] IMPACT OF EDUCATION ON SECURITY PRACTICES IN ICT
    Bostan, Atila
    Akman, Ibrahim
    [J]. TEHNICKI VJESNIK-TECHNICAL GAZETTE, 2015, 22 (01) : 161 - 168
  • [5] Overcoming a False Sense of Security How to Deeducate Current Security and Control Practices
    Jeimy, J. Cano M.
    [J]. ISACA Journal, 2022, 1 : 47 - 52
  • [6] Measuring Security
    Bilbao, Alfonso
    Bilbao, Enrique
    [J]. 2013 47TH INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST), 2013,
  • [7] Measuring Security
    Stolfo, Sal
    Bellovin, Steven M.
    Evans, David
    [J]. IEEE SECURITY & PRIVACY, 2011, 9 (03) : 60 - 65
  • [8] SECURITY INTERESTS IN SECURITIES - HOW CODE REVISION REFLECTS MODERN SECURITY-HOLDING PRACTICES
    ARONSTEIN, MJ
    [J]. UNIFORM COMMERCIAL CODE LAW JOURNAL, 1978, 10 (04) : 289 - 308
  • [9] PERSPECTIVE: HOW QUANTUM TECHNOLOGY WILL IMPACT SECURITY
    Melia, Jane
    [J]. COMPUTER, 2016, 49 (09) : 18 - 19
  • [10] The impact of information security management practices on organisational agility
    Zaini, Muhamad Khairulnizam
    Masrek, Mohamad Noorman
    Sani, Mad Khir Johari Abdullah
    [J]. INFORMATION AND COMPUTER SECURITY, 2020, 28 (05) : 681 - 700