Security Awareness, Education, and Training
![[topcap]](/images/floating_sidebar_topcap.png){kind=small}
Research Areas
![[bottomcap]](/images/floating_sidebar_bottomcap.png){kind=small}
How do we educate users, producers, designers, and purchasers of IT to choose wisely when it comes to security? CERIAS personnel examine issues of awareness methods, on-line security education, security certification issues, security curriculum design, the role of K-12 education, risk communication, community awareness and standards, cross-cultural issues of security, organizational structure and communication of risk, and public perceptions of IT security.
Assessment of Indiana Dept. of Corrections Image Capture Process
It has become apparent that data sharing capabilities across state departments and law enforcement agencies is an issue, especially in terms of tracking, monitoring, and identifying persons of interest. There is a need to assess the image capture process, as well as sharing capabilities, and to incorporate commercially available facial recognition technology to reduce the errors in identifying persons of interest. The objective of this project is to evaluate legacy face images, assess and standardize the image capture process across Indiana Dept. of Corrections (DOC) agencies, integrate facial recognition to link face databases, and integrate mobile devices in law enforcement vehicles for face recognition. This research will lead to improvements in the efficiency and quality of the face image capture process in DOC facilities and BMV branches and facilitate image sharing capabilities across State agencies.
Virtual Law Enforcement Machine Network (VLEMN)
VLEMN is a project using virtual machines as tools for investigators. Investigators can conduct investigations and research from a secure remote non-government location on a virtual machine. The virtual environment provides an efficient means to conduct online activities.
Classifying Child Porn Images in Law Enforcement Cases (COPINE)
Using the COPINE (Combating Paedophile Information Networks in Europe) classification model, which categorizes the severity of victimization in child pornography, United States law enforcement officers will be asked to classify Internet child pornography images they have seized as evidence for a 6 month period, using an anonymous online questionnaire. This project is currently in the data collection phase.
Direct Commander
State and Local Law Enforcement Agencies cannot afford the small scale digital device forensic tools that exist, do not have adequate small scale digital device forensic tools, do not have a comprehensive knowledge of how the small scale digital device forensic tools work, and do not have a central repository for sharing their experiences about the small scale digital device forensic tools. To this end, and to fill this void, it is our objective to build a cost-effective forensic tool that acquires evidence from small scale digital devices; presents and explains the protocols and the specific commands used to acquire and interpret evidence as the evidence is acquired and interpreted; and report or export the evidence for further analysis. Additionally, development will include a central repository for the tools users to communicate specifically regarding the use, success, and education of the protocols and their application.
Unusual Sources of Digital Evidence
As in the world of car modification, “modding”, we are starting to see mods of computer systems. As simple as a Sushi thumb drives, to the more meticulous Pez MP3 player, digital evidence is finding more ways to hide. It is important to make our investigators aware of the various methods of computer modding.
Purdue Phone Phorensics
Considered to be the “Underwriters Lab” of Mobile Device Forensics, P3, or “Purdue Phone Phorensics” is intended to help investigators cut through the morass of literally hundreds of unique models of mobile phones and their accompanying requirements. This resource will literally take the guesswork out of processing most mobile devices. Don’t know what hardware and software to use? P3 will guide you. Just enter the brand and model, and P3 provides all the essential details you will need to examine the device. The hardware, software, and accompanying instructions will all have been tested for specific model of device under examination. Not sure what model you have in your hand? Use the “Phone Phinder” tool to identify the device by answering a few simple questions.
Small Scale Digital Device Forensics
As ubiquitous devices of our daily social fabric, the research of mobile device is imperative. The work done in our lab relates to the exploitation of such devices for investigative and intelligence purposes. Mobile devices may include, but are not limited to mobile phones, PDAs, smart phones, voip phones, gps devices, flash memory devices, audio and video devices, and other small scale digital devices that can be carried in a pocket or purse.
Creation of a Usability Engineering Laboratory to Analyze the Potential Impact of Information Technology-Induced Errors and Breaches of Security in Healthcare
The major objective of this research is to create a low cost portable usability engineering laboratory that can be used to rapidly evaluate the usability, safety and security of medical information systems such as electronic medical records and e-prescribing. This proposal will describe how simulations of clinical activity (involving human subjects carrying out clinical tasks) and mathematical computer-based simulations can be linked to forecast the impact of interface design features upon medical errors and security breaches using healthcare information technology (HIT). There are two phases to the research.. In Phase 1 a clinical simulation will be conducted involving physicians who will be asked to use a hand-held prescription writing application to enter and record medications administered during a simulated clinical interaction. In this phase of the study, data arising from the clinical simulation will be collected and then analyzed using qualitative approaches to assess the relationship between aspects of interface design (i.e., usability problems) and subject medication error and security breaches. In Phase 2, the base rates for error associated with specific types of usability problems (from Phase 1) will form the input into a computer-based mathematical simulation. This work is unique in health care as it directly connects two distinct forms of simulations – (1) clinical simulations of user behavior and (2) mathematical simulation to forecast error rates over time (based on parameters obtained from an empirical study involving the use of clinical simulation. The research will examine the impact of aspects of interface design upon medical error rates over a period of weeks and months.
