Background and services provided by Alloy Cybersecurity - reducing risk of organizational data breach, borrowing empirical methodology from criminology and crime science.

1. Alloy Cybersecurity
Proactive prevention and protection
Mark Stockman,
Joe Nedelec, Bill Mackey

2. The Problem
Limited cybersecurity budgets
Bad guys are winning

3. “Cyber security requires a multi-
disciplinary approach. Efforts should be
made to educate and partner with
disciplines not always thought of as
related to cyber security.”
“Curative-not palliative-approaches are
needed to address causes rather than
symptoms of the continuing security
breaches in computer systems.”
Hoffman, L. 2010. GW Cyber Security Research and Policy Institute Report.

4. Stockman, Holt, Mackey, & Holiday, 2013 Cyberdeviance Study
“I’ve never had the need,
skillset, or knowledge”
“Been too busy to learn”
“Number 1 it is wrong.
Number 2, I would have
no idea where to start”
Why not hack? (or follow policy?)

5. Alloy Cybersecurity
School of Information Technology:
– Mark Stockman
School of Criminal Justice:
– Joe Nedelec
– Bill Mackey
Empirically driven, interdisciplinary team adding
human behavior to cyber.

6. Behavior/Decisions
2015 Verizon Data Breach Investigations Report

7. Cause of data breach by cause 2005-2015
(n=4,539)

9. What we know about data breaches by major
industry and cause of breach, 2005-2015 (n=3,899)

10. US crime rate per 100k
Bureau of Justice Statistics

11. Crime Science
Center for Problem Oriented Policing

12. Behavioral Economics

13. Data breach victim
• Customers
• Organization
• Employees
13

14. Non-malicious Insider Risk
Intermedia 2015 Insider Risk Report

15. Non-malicious Insider Risk
Intermedia 2015 Insider Risk Report

16. Non-malicious Insider Risk
Intermedia 2015 Insider Risk Report

17. Why not follow best practice?
Incentive structure

18. Why not follow best practice?
Individual characteristics

19. Levels of analysis
• Organization
• Department
• Individual/employee

20. Why not follow best practice?
Incentive structure
Individual characteristics

21. Cybervictimization Risk Model

23. Behavioral Cyberthreat Assessment
Identify risk at multiple levels
Organization, department, individual
Non-malicious behavior
23

24. Behavioral Cyberthreat Mitigation
Customized risk reduction strategies/training
Incentivize best practice
24

25. Analyze and Affect Behavior
 Alloy Breach Database
 Employee surveys/interviews
 Vulnerability reports*
 IT/Info Sec policies*

26. Alloy Cybersecurity
Mark Stockman
Associate Professor, Information
Technology
Joe Nedelec
Assistant Professor, Criminal Justice
Bill Mackey
Assistant Professor (ISU), Criminology

27. Mark Stockman is an Associate Professor at the University of Cincinnati serving
as a faculty member in the School of Information Technology teaching networking,
systems, and cybersecurity courses. His research interests include systems
administration, server virtualization, cloud computing management, and IT pedagogy.
With recent study of traditional criminology and crime prevention, his current
research focusses on cybersecurity. Specifically, Mark is investigating the
applicability of criminological theories in the digital realm or cybercrime science. Mr.
Stockman is the former Chair of the ACM Special Interest Group for Information
Technology Education (SIGITE), a community that has defined IT as an academic
discipline; and is also now active in a similar effort for the cyber sciences, the Cyber
Education Project (CEP). Along with industry experience prior to becoming a
professor, he holds a BS in Industrial and Systems Engineering from Ohio University,
Russ College of Engineering and Technology, and an MBA from Ohio University,
College of Business. – mark.stockman@uc.edu

28. Joe Nedelec received his undergraduate degrees (criminology and psychology)
and his master’s degree (criminology) from Simon Fraser University in Burnaby,
British Columbia. His doctoral degree (criminology) was received from Florida State
University. Dr. Nedelec’s primary research interests lie within biosocial criminology,
with specific focus on evolutionary psychology, life-history theory, digit ratio, and
behavioral genetics. He has published articles on biosocial criminology in a variety
of journals including Child Psychiatry and Human Development, Criminology,
Evolution and Human Behavior, Intelligence, Journal of Criminal Justice, Personality
and Individual Differences, and others. He has also incorporated topics related to
cybercrime and cyber-security into his research agenda and has a secondary
appointment with the School of Information Technology at UC. Dr. Nedelec teaches
in the areas of life-course/developmental criminology, cybercrime, research methods,
and statistics. He is also co-founder and current Vice President of the Biosocial
Criminology Association (www.biosocialcrim.org). – joseph.nedelec@uc.edu

29. Bill Mackey is an Assistant Professor at Indiana State University. His research
interests include: cybercriminology, social engineering, technological advances in
crime and crime prevention, white-collar crime, and criminological theory. Bill’s
current research is focused on correlates of human behavior in data breaches and
the application of criminological theory to cybercrime and breach prevention. Bill has
published works in the areas of social engineering, advanced crime prevention
technologies, and individual differences in both white-collar offenders and hackers.
Mr. Mackey is a member of the Cincinnati Bell Digital Forensics Working Group, the
National White-Collar Crime Research Consortium, and the American Society of
Criminology. He received a dual bachelor’s degree in psychology and criminology
from Iowa State University, a master’s degree in criminology from Indiana State
University, and is currently finishing his Ph.D. in criminology at the University of
Cincinnati. – William.Mackey@indstate.edu