Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment

Zoe King, Diane S. Henshel, Liberty Flora, M. Cains, Blaine Hoffman, Char Sample

Frontiers in Psychology

Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing… 


Defining Cyber Security and Cyber Security Risk within a Multidisciplinary Context using Expert Elicitation

This expert elicitation process was used to develop comprehensive definitions of cyber security (cybersecurity) and cyber security risk that encompass the contextual frameworks of all the disciplines represented in the collaboration and explicitly incorporate human factors as significant cyber security risk factors.

A Survey on Human and Personality Vulnerability Assessment in Cyber-security: Challenges, Approaches, and Open Issues

This work proposes a user susceptibility profile according to the factors stemming from the research, and explores and describes state-of-the-art human vulnerability assessment models, current prevention, and mitigation approaches regarding user susceptibility, as well as educational and awareness-raising training strategies.

Human Factors in the Cybersecurity of Autonomous Vehicles: Trends in Current Research

Some areas of research connected to the human factor in cybersecurity and potential issues are reviewed, including the decrease of driver’s driving skills as a result of using AV and its connection to cybersecurity skills.

The Role of User Behaviour in Improving Cyber Security Management

The goal of this paper is to show that, in addition to computer science studies, behavioural sciences focused on user behaviour can provide key techniques to help increase cyber security and mitigate the impact of attackers’ social engineering and cognitive hacking methods.


This paper focusses on the cyber security trends and corresponding challenges and investigates the vulnerabilities available in the network.

An Assessment of Employee Knowledge, Awareness, Attitude towards Organizational Cybersecurity in Cameroon

It is found that over 61% of the participants do not have sufficient knowledge of their organization's cyber security policies, and the fact that over 60% of employees’ mistakes or violations of security policy are not disciplined or penalized is a demonstration of the lack of legal status of cyber-attacks.

Organizational science and cybersecurity: abundant opportunities for research at the interface

The current manuscript serves as an introduction and invitation to cybersecurity research by organizational scientists, and defines cybersecurity, provides definitions of key cybersecurity constructs relevant to employee behavior, and illuminates the unique opportunities available to organizational scientists in the cybersecurity arena.

Distributed Attack Deployment Capability for Modern Automated Penetration Testing

This system is designed to test and prepare critical infrastructure for what the future of cyberattacks looks like, and proposes a new type of attack framework that provides precise and granular attack control and higher perception within a set of infected infrastructure.

Conducting Malicious Cybersecurity Experiments on Crowdsourcing Platforms

This research explored the applicability of using two popular crowdsourcing platforms, Amazon Mechanical Turk and Prolific, to conduct web hacking experiments to investigate the Oppositional Human Factors (OHFs) in a manageable and flexible way.



Trust as a Human Factor in Holistic Cyber Security Risk Assessment

Towards a Human Factors Ontology for Cyber Security

The Human Factors Ontology illustrates the individual characteristics, situational characteristics, and relationships that influence the trust given to an individual and the biases affecting the ability to give said trust.

Integrating Cultural Factors into Human Factors Framework and Ontology for Cyber Attackers

In an effort to further understand (and measure) how human factors influence cybersecurity risk, this work proposes incorporating individuals’ national culture within the human factors framework component of the authors' holistic cybersecurity risk assessment framework.

Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents

The extent to which cyber security incidents, such as those referenced by Verizon in its annual Data Breach Investigations Reports (DBIR), can be predicted based on externally observable properties of an organization's network is characterized.

Stuxnet and the Future of Cyber War

The discovery in June 2010 that a cyber worm dubbed ‘Stuxnet’ had struck the Iranian nuclear facility at Natanz suggested that, for cyber war, the future is now. Yet more important is the political

Deterring Malicious Behavior in Cyberspace

Whether the contemporary and complementary deterrence strategies of retaliation, denial, and entanglement are sufficient to deter malicious cyber actors or if the alternative of active cyberdefense is necessary and viable is analyzed.

A genetic epidemiology approach to cyber-security

A methodology to associate services to threats inspired by the tools used in genetics to identify statistical associations between mutations and diseases is proposed, offering an automated high-throughput strategy to develop comprehensive metrics for cyber-security.

Cyber terrorism: a clear and present danger, the sum of all fears, breaking point or patriot games?

Over the past two decades there has developed a voluminous literature on the problem of cyber terrorism. The themes developed by those writing on cyber terrorism appear to spring from the titles of

Analysis of end user security behaviors

A Psychological Profile of Defender Personality Traits

The sampled security population demonstrated that they were highly dutiful, achievement-striving, and cautious, and were high in morality and cooperation, but low in imagination, which implies that security professionals might be more reactive to security threats, rather than proactive in discovering them before they are used by adversaries.