TY - JOUR
T1 - The Security Expertise Assessment Measure (SEAM)
T2 - Developing a scale for hacker expertise
AU - Giboney, Justin Scott
AU - Proudfoot, Jeffrey Gainer
AU - Goel, Sanjay
AU - Valacich, Joseph S.
N1 - Funding Information:
Sanjay Goel is an Associate Professor and Chair of the Information Technology Management Department, and Director of two information security centers at UAlbany. Dr. Goel received his Ph.D. in Mechanical Engineering from RPI. His research interests include information security, security of cyber physical systems, music piracy, cyber warfare and self-organization in complex systems. He has received grant funding from multiple sources including: National Institute of Justice, U.S. Department of Education, National Science Foundation, Region II University Transportation Research Center, New York State Energy Research and Development Agency (NYSERDA), AT&T Foundation and James S. McDonnell Foundation.
Publisher Copyright:
© 2016 Published by Elsevier Ltd.
PY - 2016/7
Y1 - 2016/7
N2 - Hackers pose a continuous and unrelenting threat. Industry and academic researchers alike can benefit from a greater understanding of how hackers engage in criminal behavior. A limiting factor of hacker research is the inability to verify that self-proclaimed hackers participating in research actually possess their purported knowledge and skills. This paper develops and validates a conceptual-expertise-based tool that we call SEAM that can be used to discriminate between novice and expert hackers. This tool has the potential to provide information systems researchers with the following two key capabilities: (1) maximizing the generalizability of hacking research by verifying the legitimacy of hackers involved in data collections, and (2) segmenting samples of hackers into different groups based on skill thereby allowing more granular analyses and insights. This paper reports on samples from four different groups: security experts, students, security workers, and Amazon Mechanical Turk hackers. SEAM was able to differentiate between security expertise in different populations (e.g., experts and student novices). We also provide norm development by measuring security workers and Amazon Mechanical Turk hackers.
AB - Hackers pose a continuous and unrelenting threat. Industry and academic researchers alike can benefit from a greater understanding of how hackers engage in criminal behavior. A limiting factor of hacker research is the inability to verify that self-proclaimed hackers participating in research actually possess their purported knowledge and skills. This paper develops and validates a conceptual-expertise-based tool that we call SEAM that can be used to discriminate between novice and expert hackers. This tool has the potential to provide information systems researchers with the following two key capabilities: (1) maximizing the generalizability of hacking research by verifying the legitimacy of hackers involved in data collections, and (2) segmenting samples of hackers into different groups based on skill thereby allowing more granular analyses and insights. This paper reports on samples from four different groups: security experts, students, security workers, and Amazon Mechanical Turk hackers. SEAM was able to differentiate between security expertise in different populations (e.g., experts and student novices). We also provide norm development by measuring security workers and Amazon Mechanical Turk hackers.
KW - Conceptual expertise
KW - Hacker ability
KW - Hacking techniques
KW - Security knowledge
KW - Skill measurement
UR - http://www.scopus.com/inward/record.url?scp=84962911175&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962911175&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2016.04.001
DO - 10.1016/j.cose.2016.04.001
M3 - Article
AN - SCOPUS:84962911175
SN - 0167-4048
VL - 60
SP - 37
EP - 51
JO - Computers and Security
JF - Computers and Security
ER -