Optimizing Proactive Measures for Security Operations

dc.contributor.advisorMazurek, Michelleen_US
dc.contributor.authorStevens, Rocken_US
dc.contributor.departmentComputer Scienceen_US
dc.contributor.publisherDigital Repository at the University of Marylanden_US
dc.contributor.publisherUniversity of Maryland (College Park, Md.)en_US
dc.date.accessioned2021-02-14T06:35:08Z
dc.date.available2021-02-14T06:35:08Z
dc.date.issued2020en_US
dc.description.abstractDigital security threats may impact governments, businesses, and consumers through intellectual property theft, loss of physical assets, economic damages, and loss of confidence. Significant effort has been placed on technology solutions that can mitigate threat exposure. Additionally, hundreds of years of literature have focused on non-digital, human-centric strategies that proactively allow organizations to assess threats and implement mitigation plans. For both human and technology-centric solutions, little to no prior research exists on the efficacy of how humans employ digital security defenses. Security professionals are armed with commonly adopted "best practices" but are generally unaware of the particular artifacts and conditions (e.g., organizational culture, procurement processes, employee training/education) that may or may not make a particular environment well-suited for employing the best practices. In this thesis, I study proactive measures for security operations and related human factors to identify generalizable optimizations that can be applied for measurable increases in security. Through interview and survey methods, I investigate the human and organizational factors that shape the adoption and employment of defensive strategies. Case studies with partnered organizations and comprehensive evaluations of security programs reveal security gaps that many professionals were previously unaware of --- as well as opportunities for changes in security behaviors to mitigate future risk. These studies highlight that, in exemplar environments, the adoption of proactive security assessments and training programs lead to measurable improvements in organizations' security posture.en_US
dc.identifierhttps://doi.org/10.13016/dbkb-hu8t
dc.identifier.urihttp://hdl.handle.net/1903/26812
dc.language.isoenen_US
dc.subject.pqcontrolledComputer scienceen_US
dc.subject.pquncontrolledCompliance standardsen_US
dc.subject.pquncontrolledDigital securityen_US
dc.subject.pquncontrolledIncident responseen_US
dc.subject.pquncontrolledProactive securityen_US
dc.subject.pquncontrolledSecurity operationsen_US
dc.subject.pquncontrolledThreat modelingen_US
dc.titleOptimizing Proactive Measures for Security Operationsen_US
dc.typeDissertationen_US

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Stevens_umd_0117E_21235.pdf
Size:
5.13 MB
Format:
Adobe Portable Document Format