The purpose of this chapter is to present the results of an empirical study of the computer security practices and perceptions of the next generation of corporate computer users, undergraduate university students. The authors surveyed undergraduate university students who represented 42 different majors. The findings relate to the students’ usage of antivirus programs, firewalls, password secur...

For years, "hackers" have broken into computer systems, and now an entire industry is dedicated to computer network security. Both hackers and computer security professionals have developed software tools for either breaking into systems or identifying potential security problems within computer networks. This software can be found on compromised systems as well as within the toolkits of legiti...

The National Computer Systems Laboratory (NCSL) and the National Computer Security Center (NCSC) of the Department of Defense co-sponsored the Eleventh National Computer Security Conference held in Baltimore, Maryland on October 17-20, 1988. More than 1600 attendees from government, industry, and academia participated in the four-day conference which provided a forum for the exchange of ideas a...

A model of computer system security operation is developed based on the fork-join queueing network formalism. We introduce a security operation performance measure, and show how it may be used to performance evaluation of actual systems. Key-Words: computer system security, security attack, security vulnerability, performance evaluation, fork-join queueing networks.

Providing computer security laboratory exercises enables students to experience and understand the underlying concepts associated with computer security, but there are many impediments to the creation of realistic exercises of this type. Virtualization provides a mechanism for creating and deploying authentic computer security laboratory experiences for students while minimizing the associated ...

Computer security problems often occur when there are disconnects between users’ understanding of their role in computer security and what is expected of them. To help users make good security decisions more easily, we need insights into the challenges they face in their daily computer usage. We built and deployed the Security Behavior Observatory (SBO) to collect data on user behavior and mach...

Computer security as a technical matter is complex, and opaque for those who are not themselves computer professionals but who encounter, or are ultimately responsible for, computer systems. This paper presents the essentials of computer security in non-technical terms, with the aim of helping people affected by computer systems to understand what security is about and to withstand the blinding...

Today, computer systems are more and more complex and support growing security risks. The security managers need to find effective security risk assessment methodologies that allow modeling well the increasing complexity of current computer systems but also maintaining low the complexity of the assessment procedure. This paper provides a brief analysis of common security risk assessment methodo...

No doubt that computer security is a hot topic nowadays: given the importance of computer-assisted activities, protection of computer system is of the utmost importance. However we have insofar failed to evaluate the actual security level of a system and thus to justify (either in technical or economical terms) the investments in security. This paper highlights the motivations to improve securi...

Cybersecurity competitions are getting more attention as a prominent approach of computer security education in the past years. It is vital to look into better ways to engage beginners in the competitions to improve computer security education. This work collected and analyzed the solutions of about 3600 Capture The Flag (CTF) challenges from 160 security competitions in the past three years. T...