This module is a resource for lecturers
References
(Materials with * will soon be available at the Sherloc Bibliography Database)
Publications and online portals
- Adams, Anne, Martina Angela Sasse, and Peter Lunt. (1997). Making passwords secure and usable. In: People and Computers XII - Proc. of the 7th International Conference on Human-Computer Interaction (HCI'97), Springer.
- Balfanz, Dirk, Glenn Durfee, Diana K. Smetters, and R. E. Grinter. (2004). In search of usable security: Five lessons from the field. Security & Privacy, IEEE, Vol. 2(5), 19-24.*
- Barth, Bradley. (2018). Monero bug that doubled coin transfer amounts allowed attackers to steal from Altex.exchange. SC magazine, 3 August 2018.
- Borodkin, Michelle. (2001). Computer Incident Response Team.*
- Bursztein, Elie, Jonathan Aigrain, Angelika Moscicki, and John C. Mitchell. (2014). The end is nigh: Generic solving of text-based CAPTCHAs. In: Proceedings of the 8th USENIX Workshop on Offensive Technologies.
- Cavusoglu, Huseyin, Srinivasan Raghunathan, and Hasan Cavusoglu. (2009). Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Information Systems Research, Vol. 20(2), 198-217.
- Cencini, Andrew, Kevin Yu and Tony Chan. (2005). Software Vulnerabilities: Full-, Responsible-, and Non-Disclosure. University of Washington Computer Science & Engineering.
- Clarke, Ronald V. (2004). 25 Techniques of Situational Crime Prevention. Presentation at Problem-Oriented Policing Conference (Charlotte, 28-30 October 2004).
- Clarke, Ronald V. G. (1980). Situational crime prevention: Theory and practice. British Journal of Criminology, Vol. 20(1), 136-147.*
- Cornish, Derek B., & Clarke, R. V. G. (2003). Opportunities, precipitators, and criminal decisions: A reply to Wortley's critique of situational crime prevention. In: Martha J. Smith and Derek B. Cornish (Guest Eds.). Theory for practice in situational crime. Willan.
- Cranor, Lorrie Faith and Simon L. Garfinkel. (2005). Security and Usability: Designing Secure Systems That People Can Use. O'Reilly.
- CVE. (n.d.). About CVE.
- Dali, Alex and Christopher Lajtha. (2012). ISO 31000 Risk Management - "The Gold Standard". EDPACS, Vol. 45(5), 1-8.
- Dix, Alan, Janet Finlay, Gregory D. Abowd, and Russell Beale. (2004). Human-Computer Interaction, 3rd ed. Prentice Hall.
- Eloff, M. M. and J. H. P. Eloff. (2002). Human Computer Interaction: An Information Security Perspectives. In: M. Adeeb Ghonaimy, Mahmoud T. El-Hadidi and Heba K. Aslan. Security in the Information Society: Visions and perspectives. Springer.
- ENISA. (2017). Hardware Threat Landscape and Good Practice Guide, Version 1.
- Finn, Mary A. and Loretta J. Stalans. (2016). How Targeted Enforcement Shapes Marketing Decisions of Pimps: Evidence of Displacement and Innovation. Victims and Offenders, Vol. 11(4), 578-599.*
- Freund, Jack and Jack Jones. (2015). Measuring and managing information risk: A FAIR approach. Butterworth-Heinemann.
- Furnell, Steven. (2005). Why users cannot use security. Computers & Security, Vol. 24(4), 274-279.
- Gao, Song, Manar Mohamed, Nitesh Saxena, and Chengcui Zhang. (2014). Gaming the game: defeating a game CAPTCHA with efficient and robust hybrid attacks. 2014 IEEE International Conference on Multimedia and Expo, 1-6.
- Greenberg, Andy. (2017). Hackers Say they've broken FaceID a week after iPhone X release. Wired, 11 December 2017.
- Greenberg, Andy. (2017). How secure is the iPhone X's FaceID? Here's what we know. Wired, 9 December 2017.
- Grossklags, Jens and Benjamin Johnson. (2009). Uncertainty in the weakest-link security game. International Conference on Game Theory for Networks (13-15 May 2009).
- Gunson, Nancy, Diarmid Marshall, Hazel Morton, and Mervyn Jack. (2011). User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Computers & Security, Vol. 30(4), 208-220.
- Guynn, Jessica. (2017). Facebook Live violence horrifies users, who say Facebook's still not doing enough. USA Today, 3 May 2017.
- Householder, Allen D., Garret Wassermann, Art Manion, and Chris King. (2017). The CERT Guide to Coordinated Vulnerability Disclosure.
- Hoyle, David. (2018). ISO 9000 Quality Systems Handbook - updated for the ISO 9001:2015 standard (7th edition). Routledge.
- Hubbard, Douglas W. and Richard Seiersen. (2016). How to Measure Anything in Cybersecurity Risk. Wiley.*
- Isaac, Mike and Christopher Mele. (2017). A murder posted on Facebook prompts outrage and questions over responsibility. New York Times, 17 April 2017.
- ITU. (2008). Overview of cybersecurity. Recommendation ITU-T X.1205. Series X: Data Networks, Open System Communications And Security.*
- Karat, Clare-Marie, John Karat, and Carolyn Brodie. (2005). Usability Design and Evaluation for Privacy and Security Solutions. In Lorrie Faith Cranor and Simon L. Garfinkel (eds), Designing Secure Systems That People Can Use. O'Reilly & Associates.
- Knight, Frank. (1921). Risk, Uncertainty, and Profit. University of Chicago Press.
- Lehtinen, Rick, Deborah Russell, and G. T. Gangemi Sr. (2006). Computer Security Basics. O'Reilly Media.*
- Luko, Stephen N. (2013). Risk Management Terminology. Quality Engineering, Vol. 25(3), 292-297.
- Maras, Marie-Helen. (2014a). Computer Forensics: Cybercriminals, Laws, and Evidence. Jones and Bartlett.*
- Maras, Marie-Helen. (2016). Cybercriminology. Oxford University Press.*
- Maras, Marie-Helen. (2014b). Transnational Security. CRC Press.*
- Matthew, Lee. (2017). File with 1.4 Billion Hacked and Leaked Passwords Found on the Dark Web. Forbes, 11 December 2017.
- NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology.
- NIST. (2012). Guide for Conducting Risk Assessments. NIST Special Publication 800-30 Revision 1.
- Nurse, Jason R. C., Sadie Creese, Michael Goldsmith, and Koen Lamberts. (2011). Guidelines for Usable Cybersecurity: Past and Present. Third International Workshop on Cyberspace Safety and Security.*
- Pfleeger, Shari Lawrence, M. Angela Sasse, and Adrian Furnham. (2014). From Weakest Link to Security Hero: Transforming Staff Security Behavior. Homeland Security & Emergency Management, Vol. 11(4), 489-510.*
- Proffitt, Timothy. (2007). Creating and Managing an Incident Response Team for a Large Company. 35.
- Sasse, M. Angela, and Ivan Flechais. (2005). The Case for Usable Security. In: Lorrie Faith Cranor and Simon L. Garfinkel (eds), Designing Secure Systems That People Can Use. O'Reilly & Associates.
- Sasse, M. Angela, Sacha Brostoff, and D. Weirich. (2001). Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technology Journal, Vol. 19(3), 122-131.*
- Schneier, Bruce. (2000). Secrets & Lies: Digital Security in a Networked World. John Wiley & Sons, Inc.*
- Sherwood, John, Andrew Clark, and David Lynas. (2005). Enterprise security architecture: a business-driven approach. CMP Books.
- Sivakorn, Suphannee, Iasonas Polakis and Angelos D. Keromytis. (2016). I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs. In: Proceedings of the 1st IEEE European Symposium on Security and Privacy, Saarbrucken, Germany (21-24 March 2016), 388-403.
- Stalans, Loretta J. and Mary A. Finn. (2016). Consulting legal experts in the real and virtual world: Pimps' and johns' cultural schemas about strategies to avoid arrest and conviction. Deviant Behavior, Vol. 37(6), 644-664.*
- Trull, Jonathan. (2015). Responsible Disclosure: Cyber Security Ethics. CSO, 26 February 2015.
- UN ECOSOC. Resolution 2002/13.
- UNODC. (2010). Handbook on the crime prevention guidelines: Making them work.*
- Ur, Blase, et al. (2016). Do users' perceptions of password security match reality? In: Proceedings of the 2016 CHI conference on human factors in computing systems. ACM, 3748-3760.
- US Department of Homeland Security (DHS). (n.d.). Cyber Storm: Securing Cyber Space.*
- US Federal Trade Commission Consumer Information. (2017). Computer Security.
- Venter, Hein S. and Jon H. Eloff. (2003). A taxonomy for information security technologies. Computers & Security, Vol. 22(4), 299-307.
- von Solms, Rossouw and Johan van Niekerk. (2013). From information security to cyber security. Computers & Security, Vol. 38, 97-102.*
- Whitten, Alma and J. D. Tygar. (1999). Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In: Proceedings of the 8th USENIX Security Symposium, Washington D.C., America.
- Yee, Ka Ping. (2004). Aligning security and usability. Security & Privacy, Vol. 2(5), 48-55.
Cases
- Fisher v. United States, 96 S.Ct. 1569 (1976)
- King v. McLellan (1974) VR 773
- People v. Smith, 86 AD2d 251 (NY App Div 3d Dept 1982)
- Saunders v. United Kingdom (Application no. 19187/91) (1996) 23 EHRR 313
- Schmerber v. California, 384 U.S. 757 (1966)
- Sorby v Commonwealth (1983) 152 CLR 281
- State v. Diamond, 2018 WL 443356 (Minn. 2018)
- State of U.P. v. Sunil on 2 May, 2017, judgment of Supreme Court (India)
- United States v. Wade, 388 U.S. 218 (1967)
- U.S. v. Dionisio, 410 U.S. 1 (1973)
- Virginia v. Baust, No. CR14-1439 (Va. Cir. October 28, 2014)