Konstantin Beznosov ; Olga Beznosova

16 April 2007

Abstract: This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors enabled us to analyze the concentration of public research efforts by defenders. Our analysis suggests that over 94% of the public research in computer security has been concentrated on technological advances. Yet attackers seem to employ more and more human and social factors in their attacks. As the arms race in computer security progresses, social factors may become or already are increasingly important. The side that capitalizes on them sooner may gain the competitive advantage. Drawing on recent results in the organizational theory, sociology, and political science, we discuss avenues for investigating the social dimension by the defenders.

Keyword(s): Computer Security ; Social Factors ; Organizational Factors ; HOT Admin ; Usable Security

Published in: Konstantin Beznosov, Olga Beznosova "On the Imbalance of the Security Problem Space and its Expected Consequences," To appear in Symposium on Human Aspects of Information Security & Assurance (HAISA), Plymouth, UK, 10 July, 2007, pp.10. :