In this thesis, we will study the human and organizational factors that shape the adoption and employment of defensive strategies and identify optimizations that can be applied for measurable increases in security. To do this, we will use a range of methods to measure the efficacy of security mechanisms in real-world environments. Thus far, we have completed multiple case studies with partnered organizations and comprehensive evaluations of federal compliance programs that mandate security controls in many organizations across the United States. From our results, we have identified the important role that various learning styles and organizational adoption methods have played in reinforcing security practices. We suggest further work in understanding how organizations select proactive security measures to offset security gaps that may be caused by compliance standards. Through extensive surveys and interviews, we will attempt to understand how organizations prioritize security efforts, how well proactive security controls work under various conditions, and how organizations continually assess security without guidance from mandatory programs. This novel research will illuminate best practices within an under-researched area and hopefully lead to broader community awareness of ways to proactively improve security operations.
Dept rep: Dr. Jennifer Golbeck
Members: Dr. Dave Levin
Dr. John Dickerson
Dr. Tudor Dumitras
Rock Stevens is a computer science Ph.D. student at the University of Maryland researching human factors in digital security. He received an M.S. in computer science from the University of Maryland and an M.A. in National Security and Strategic Studies from the U.S. Naval War College. Contact him at firstname.lastname@example.org.