Information and Cyber Security

Information and cyber security research examines how organizations protect their data, systems, and networks from both external attackers and employees who misuse access, studying the technical, behavioral, and managerial forces that shape whether defenses hold in practice. A central concern is why people inside organizations often fail to follow security policies even when they understand the risks, prompting researchers to draw on deterrence theory, behavioral economics, and game theory to model how incentives, fear appeals, and organizational culture shift individual decisions. On the technical side, tools like attack graphs help analysts map how an adversary might chain together small vulnerabilities to reach a critical asset, feeding into formal risk management frameworks that let decision-makers prioritize where to invest limited resources. Open questions include how to design compliance interventions that remain effective as threats evolve, and how to balance surveillance and trust when addressing insider threats without undermining the workplace cooperation that good security also depends on.

Works

96,605

Total citations

525,532

Keywords

Information SecurityPolicy ComplianceSecurity AwarenessDeterrenceAttack GraphsRisk Management