The Security Expertise Assessment Measure (SEAM): Developing a scale for hacker expertise

详细信息    查看全文

• 作者：Justin Scott Giboney^a ; ^{jgiboney@albany.edu" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Jeffrey Gainer Proudfoot^bAuthor Vitae ; Sanjay Goel^aAuthor Vitae ; Joseph S. Valacich^cAuthor Vitae
• 关键词：Hacker ability ; Conceptual expertise ; Skill measurement ; Security knowledge ; Hacking techniques
• 刊名：Computers & Security
• 出版年：2016
• 出版时间：July 2016
• 年：2016
• 卷：60
• 期：Complete
• 页码：37-51
• 全文大小：1398 K

文摘

Hackers pose a continuous and unrelenting threat. Industry and academic researchers alike can benefit from a greater understanding of how hackers engage in criminal behavior. A limiting factor of hacker research is the inability to verify that self-proclaimed hackers participating in research actually possess their purported knowledge and skills. This paper develops and validates a conceptual-expertise-based tool that we call SEAM that can be used to discriminate between novice and expert hackers. This tool has the potential to provide information systems researchers with the following two key capabilities: (1) maximizing the generalizability of hacking research by verifying the legitimacy of hackers involved in data collections, and (2) segmenting samples of hackers into different groups based on skill thereby allowing more granular analyses and insights. This paper reports on samples from four different groups: security experts, students, security workers, and Amazon Mechanical Turk hackers. SEAM was able to differentiate between security expertise in different populations (e.g., experts and student novices). We also provide norm development by measuring security workers and Amazon Mechanical Turk hackers.