Cyber security is a research area that crosses multiple research areas, including Information Security, in particular for critical systems and end-users, or Identity & Privacy, where the strong identification provides a trust root and privacy the safeguards for citizens. Our cyber security research focuses mostly on combating cybercrime and protecting the social fabric. Cybercrime is a composition of crime and cyberspace.
The crime component implies the presence of a perpetrator, an adversary whose actions are harmful or costly for society. Crime also implies the involvement of a physical entity, for instance the victim or the capitalization in physical money, which implies in turn that there is no cybercrime entirely in cyberspace, in which we follow the defenition of Benenson et al. [Benenson2011]. There are always human beings that act or are acted upon, which raises the question of human factors in security.
The cyberspace component implies that there is a cyber element present, where the most likely case may be hurt done by cyber means. Cyberspace may be the medium for the crime or be used by the perpetrator to gain more scalability. Newman [Newman2009] categorizes the role of cyberspace into tool, target or place for the crime.
In Newcastle, we research security against cybercrime, organized in the CCCS, along four themes:
Human decision making impacts cyber security, this is part of the research hypothesis of the Cyber Security Research Institute on Choice Architecture for Information Security. We believe that human users, e.g., victims in a cybercrime, are affected by decision biases, even if they are supported by rigorous decision making methods. Our work aims at integrating human factors in cyber security work.