Archive for the ‘Carnegie Mellon University’ Category

What do they know about me? Contents and Concerns of Online Behavioral Profiles

September 1, 2014

What do they know about me? Contents and Concerns of Online Behavioral Profiles (PDF)
Source: Carnegie Mellon University (CyLab)

Data aggregators collect large amounts of information about individual users from multiple sources, and create detailed online behavioral profiles of individuals. Behavioral profiles benefit users by improving products and services. However, they have also raised privacy concerns. To increase transparency, some companies are allowing users to access their behavioral profiles. In this work, we investigated behavioral profiles of users by utilizing these access mechanisms. Using in-person interviews (n=8), we analyzed the data shown in the profiles and compared it with the data that companies have about users. We elicited surprises and concerns from users about the data in their profiles, and estimated the accuracy of profiles. We conducted an online survey (n=100) to confirm observed surprises and concerns. Our results show a large gap between data shown in profiles and data possessed by companies. We also find that a large number of profiles contain inaccuracies with levels as high as 80%. Participants expressed several concerns including collection of sensitive data such as credit and health information, extent of data collection and how their data may be used.

Silent Listeners: The Evolution of Privacy and Disclosure on Facebook

March 17, 2014

Silent Listeners: The Evolution of Privacy and Disclosure on Facebook
Source: Carnegie Mellon University

Over the past decade, social network sites have experienced dramatic growth in popularity, reaching most demographics and providing new opportunities for interaction and socialization. Through this growth, users have been challenged to manage novel privacy concerns and balance nuanced trade-offs between disclosing and withholding personal information. To date, however, no study has documented how privacy and disclosure evolved on social network sites over an extended period of time. In this manuscript we use profile data from a longitudinal panel of 5,076 Facebook users to understand how their privacy and disclosure behavior changed between 2005—the early days of the network—and 2011. Our analysis highlights three contrasting trends. First, over time Facebook users in our dataset exhibited increasingly privacy-seeking behavior, progressively decreasing the amount of personal data shared publicly with unconnected profiles in the same network. However, and second, changes implemented by Facebook near the end of the period of time under our observation arrested or in some cases inverted that trend. Third, the amount and scope of personal information that Facebook users revealed privately to other connected profiles actually increased over time—and because of that, so did disclosures to “silent listeners” on the network: Facebook itself, third-party apps, and (indirectly) advertisers. These findings highlight the tension between privacy choices as expressions of individual subjective preferences, and the role of the environment in shaping those choices.

Common Sense Guide to Mitigating Insider Threats, 4th Edition

January 23, 2013

Common Sense Guide to Mitigating Insider Threats, 4th Edition

Source: Carnegie Mellon University

This fourth edition of the Common Sense Guide to Mitigating Insider Threats provides the most current recommendations of the CERT® Program (part of Carnegie Mellon University’s Software Engineering Institute), based on an expanded database of more than 700 insider threat cases and continued research and analysis. It introduces the topic of insider threats, explains its intended audience and how this guide differs from previous editions, defines insider threats, and outlines current patterns and trends. The guide then describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes features new to this edition: challenges to implementation, quick wins and high-impact solutions for small and large organizations, and relevant security standards. This edition also focuses on six groups within an organization (human resources, legal, physical security, data owners, information technology, and software engineering) and maps the relevant groups to each practice. The appendices provide a revised list of information security best practices, a new mapping of the guide’s practices to established security standards, a new breakdown of the practices by organizational group, and new checklists of activities for each practice.

Child Identity Theft

August 12, 2011

Child Identity Theft (PDF)
Source: Carnegie Mellon University (CyLab)

In the cyber-centric world of the 21st Century, parents have many risks and threats to ponder as they attempt to provide a safe present and a secure future for their children. Each day, a new danger seems to capture the headlines, from exposure to online predators to the cyber-bullying by schoolmates. Meanwhile, those parents are looking over their own shoulders, careful to guard against the crime of identity theft, so that they can continue to provide that safe present, and to build that secure future. Well, it just got worse.

Because, as this report suggests, it is possible that you could be quite effective at warding off online predators and cyber-bullies, as well as proving quite successful at guarding your own hard-earned good credit, only to find that your child’s identity has been violated, and your family’s financial and emotional well-being threatened in an almost inconceivable way.

What would you do if your child was in foreclosure on a home in another state? Wouldn’t you want to know if your child had run up a huge utility bill across town?

These are not theoretical questions; these are real-life questions that the parents and guardians of children in this report have been forced to come to grips with. In Child Identity Theft, you will find a hard look at what child identity theft means, including an analysis of over 4,000 incidents of child identity theft, and the actual stories of several victims. The report also lists recommendations for preventative measures that should be taken by both public and private sector institutions, as well as protective steps for parents to take directly.