
Keynote Lectures

Why Rigorous Underpinnings for Cyber Security Education and Training Matter? Experiences from CyBOK: The Cyber Security Body of Knowledge
Awais Rashid, University of Bristol, United Kingdom

Data Security and Privacy in Emerging Scenarios
Pierangela Samarati, Università degli Studi di Milano, Italy

Why Usability Has Become Privacy's Biggest Challenge and What We Can Do About It
Norman Sadeh, Carnegie Mellon University, United States

 

Why Rigorous Underpinnings for Cyber Security Education and Training Matter? Experiences from CyBOK: The Cyber Security Body of Knowledge

Awais Rashid
University of Bristol
United Kingdom
 

Brief Bio
Awais Rashid is Professor of Cyber Security at the University of Bristol, where he heads the Cyber Security Group. He is editor-in-chief and principal investigator for CyBOK. He is also Director of the EPSRC Centre for Doctoral Training in Trust, Identity, Privacy and Security in Large-Scale Infrastructures and Director of the National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN). His research interests are in security of cyber-physical systems, software security and human factors. He leads projects as part of the UK Research Institute on Trustworthy Interconnected Cyber-Physical Systems (RITICS), UK Research Institute on Sociotechnical Cyber Security (RISCS), the Digital Security by Design Hub+ (Discribe) and the PETRAS National Centre of Excellence in Cyber Security of IoT.


Abstract
Cyber security is increasingly in the spotlight, with almost daily news of high-profile cyber attacks and data or service losses. At the same time, there are regular reports of large-scale shortages in the cyber security workforce. Cyber security education and training needs to meet these shortages. However, it is also important that our approach to doing so is based on a rigorous scientific basis. In this talk I will discuss the experience of developing such a rigorous approach in the form of CyBOK, the cyber security body of knowledge (https://www.cybok.org), over the last five years. We will not only look at the scientific methods used to define the scope of CyBOK and the rigorous peer-review mechanisms to develop the detailed knowledge area descriptions. We will also discuss the variety of use cases enabled by such a knowledge-based framework, looking in detail at its role in providing a means to systematically contrast the focus of different professional and academic educational programmes and the knowledge one can expect students to have after completing a particular certification or course. We will also touch on other use cases of CyBOK such as a common framework to define knowledge requirements for roles in the sector and the ability to benchmark knowledge capacity within an organisation or even at a national level.



 

 

Data Security and Privacy in Emerging Scenarios

Pierangela Samarati
Università degli Studi di Milano
Italy
http://www.di.unimi.it/samarati
 

Brief Bio
Pierangela Samarati is a Professor at the Department of Computer Science of the Università degli Studi di Milano, Italy. Her main research interests are on data and applications security and privacy, especially in emerging scenarios. She has participated in several projects involving different aspects of information protection. On these topics, she has published more than 280 peer-reviewed articles in international journals, conference proceedings, and book chapters. She has been Computer Scientist at SRI, CA (USA) and visiting researcher at Stanford University, CA (USA), and at George Mason University, VA (USA). She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the ERCIM Security and Trust Management Working Group (STM), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is ACM Distinguished Scientist (named 2009) and IEEE Fellow (named 2012). She has received the ESORICS Outstanding Research Award (2018), the IEEE Computer Society Technical Achievement Award (2016), the IFIP WG 11.3 Outstanding Research Contributions Award (2012), and the IFIP TC11 Kristian Beckman Award (2008). http://www.di.unimi.it/samarati/


Abstract
The rapid advancements in Information and Communication Technologies (ICTs) have been greatly changing our society, with clear societal and economic benefits. Mobile technology, Cloud, Big Data, and the Internet of Things are services and technologies that are becoming more and more pervasive and conveniently accessible, towards the realization of a 'smart' society. At the heart of this evolution is the ability to collect, analyze, process and share an ever-increasing amount of data, to extract knowledge for offering personalized and advanced services. A major concern, and potential obstacle, towards the full realization of such evolution is represented by security and privacy issues. As a matter of fact, the (actual or perceived) loss of control over data and potential compromise of their confidentiality can have a strong detrimental impact on the realization of an open framework for enabling collection, processing, and sharing of data, typically stored or processed by external cloud services. In this talk, I will illustrate some security and privacy issues arising in emerging scenarios, focusing in particular on the problem of managing data while guaranteeing confidentiality and integrity of data stored or processed by external providers.



 

 

Why Usability Has Become Privacy's Biggest Challenge and What We Can Do About It

Norman Sadeh
Carnegie Mellon University
United States
www.cs.cmu.edu/~sadeh
 

Brief Bio
Norman Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University (CMU). He co-founded and co-directs CMU’s Privacy Engineering Program and also co-founded and for ten years co-directed CMU’s PhD Program in Societal Computing. Until recently, he served as lead principal investigator on two of the largest domestic research projects in privacy, the Usable Privacy Policy Project and the Personalized Privacy Assistant Project. Norman also served as founding CEO and, until its acquisition by Proofpoint, as chairman and chief scientist of Wombat Security Technologies. Technologies he developed with colleagues at CMU and Wombat are now used to protect tens of millions of users around the world against cybersecurity attacks such as phishing. His privacy research has been credited with influencing the development of privacy-enhancing solutions at companies such as Apple, Google and Facebook, and results of his research have informed activities at regulatory agencies, including the Federal Trade Commission and the California Office of the Attorney General. In the late nineties Norman also served as Chief Scientist of the EUR 550 million European Union's e-Commerce initiative, which included all pan-European research in cybersecurity and privacy as well as contributions to several major European public policy initiatives.


Abstract
New privacy regulations such as the EU's GDPR or California's CCPA/CPRA require more detailed data practice disclosures and require giving users greater control over their data. While these regulations are enhancing consumer protection and influencing developments around the world, their practical impact is hampered by fundamental usability challenges: privacy policies, which no one ever reads, have become even longer, privacy choices have become more numerous and complex, and dark patterns aimed at tricking people into making decisions that are not in their best interest abound. In this presentation, I will discuss some of these limitations and how work conducted over the past ten years at Carnegie Mellon University aims to overcome these challenges. The presentation will in particular draw on research conducted in the context of the Usable Privacy Policy Project (https://usableprivacy.org) and Personalized Privacy Assistant Project (https://privacyassistant.org) as well as follow-on projects.


