Ozgur Kafali, University of Kent
The Social Side of Security: Requirements, Regulations, and Breaches
Cybersecurity underpins the lives of ordinary people---their safety, work, health, and entertainment. Yet despite its importance, cybersecurity is often approached in a reactive manner---taking corrective actions to "patch" vulnerabilities after they are detected or exploited. In modern ICT systems, secure and privacy-aware governance can only be achieved by bridging the divide between technical solutions such as access control and the human and social factors associated with the users of such systems. In this talk, I will first review the building blocks for developing computational models for the social side of security, namely normative models used for representation of and reasoning about security and privacy requirements and regulations. I will then describe how such models can be combined with other AI techniques to reason about security breaches, understand tradeoffs, and revise requirements. Finally, I will conclude with some of the open areas and future directions that I would like to pursue such as digital forensics.