Invitation to Participate in Cyber Security Research Study
by Department of Computer Science, University of Oxford
We would like to invite you to participate in a research study being run by the University of Oxford titled “Analysing Cyber Value-at-Risk”. The study is in the form of an online survey, and the goal is to investigate how security controls are selected and used by businesses, and what impact this use of controls has on the security of the organisation. We anticipate that this will also lead to a better understanding of the benefits of compliance to well-known security standards.
The survey takes approximately 15 minutes to complete and is hosted securely, with all data collected anonymously, and no collection of personally identifiable data. The link for this survey is: https://controlsurvey.cs.
A more detailed description of the study and wider research project is attached to this email. If you have any questions or concerns about the study, please email Dr Louise Axon ([email protected]) or Dr Jason R. C. Nurse ([email protected]).
Many thanks for your time and consideration.
Research Project: Analysing Cyber Value-at-Risk
Project Investigators: Professor Sadie Creese and Professor Michael Goldsmith
Project Researchers: Dr Louise Axon, Dr Arnau Erola, Dr Jason R.C. Nurse, and Dr Ioannis Agrafiotis
Background and aims of the project
Being able to demonstrate that actions are being taken by a business to reduce information- or cyber-risk is important. However, the security controls typically viewed as necessary by the professional / expert community are not always underpinned by a framework that facilitates the quantification of the resulting benefits. This means that the real value of compliance to such tools, or the variability of compliance to standards, is not truly known. The aim of this project is to explore a model, approach and prototype tool that is able to relate security controls to assets, harms and cyber value-at-risk; this can also be used to consider the benefit of standards compliance.
Why have I been invited to take part in this study?
You have been invited to take part because of your experience, knowledge or expertise in the area of organisational security, risk, controls and compliance. We also hope that you will be interested in our findings and would be happy to share these with you after the study is complete.
What will happen in the study?
The study is in the form of an online survey. At the beginning of the survey, you will be asked to read an outline of the study and indicate your consent to participate. You will then be asked to answer a set of questions on the use of risk controls by organisations, the effectiveness of these controls, and the way in which usage factors such as configuration impact on effectiveness.
This study has been reviewed by, and received ethics clearance through, the Computer Science Departmental Research Ethics Committee (CS-DREC) at the University of Oxford (reference: CS_C1A_18_002-2). If you decide to participate, your responses will be collected anonymously, kept confidential and only used in an anonymised format in any reports resulting from this study. Participants should also note that if they do agree to participate, they can withdraw from the study at any time and have their data destroyed.
How to participate?
If you would like to participate in the online survey, please browse to the web link provided in the email accompanying this invitation. If you have any questions or concerns, please email Dr Louise Axon ([email protected]) or Dr Jason R.C. Nurse ([email protected]).
We look forward to hearing from you, and thank you for participating in this research.
Dr Axon and Dr Nurse are the primary contacts, and can be reached at: Department of Computer Science, University of Oxford, Wolfson Building, Parks Road, Oxford, OX1 3QD, UK; and [email protected] or [email protected].