For both human and technology-centric solutions, little to no prior research exists on the efficacy of how humans employ digital security defenses. Security professionals are armed with commonly adopted "best practices" but are generally unaware of the particular artifacts and conditions (e.g., organizational culture, procurement processes, employee training/education) that may or may not make a particular environment well-suited for employing the best practices.
In this thesis, I study proactive measures for security operations and related human factors to identify generalizable optimizations that can be applied for measurable increases in security. Through interview and survey methods, I investigate the human and organizational factors that shape the adoption and employment of defensive strategies. Case studies with partnered organizations and comprehensive evaluations of security programs reveal security gaps that many professionals were previously unaware of, as well as opportunities for changes in security behaviors to mitigate future risk. These studies highlight that, in exemplar environments, the adoption of proactive security assessments and training programs leads to measurable improvements in organizations' security posture.
Dean's rep: Dr. Jennifer Golbeck
Members: Dr. Tudor Dumitras
Dr. John Dickerson
Rock Stevens is a computer science Ph.D. candidate at the University of Maryland researching human factors in digital security. He received an M.S. in computer science from the University of Maryland and an M.A. in national security and strategic studies from the U.S. Naval War College. Contact him at email@example.com.