The research in our laboratory focuses on addressing the following four key research areas and their interconnections: Cybersecurity, User-authentication, Privacy, and Social-Engineering
OverviewCybersecurity threats and vulnerabilities are causing substantial financial losses for individuals, organizations, and government agencies all over the world. Such cybersecurity landscape can be classified under three major pillars: (a) technology/system, (b) human-computer, and (c) socio-political-organizational (Figure 1). One of the weakest links in the cybersecurity chain has to do with the individuals who are using and protecting such systems. The focus of our Levy CyLab research group is to work on diverse projects related to the human-centric lens of all three cybersecurity landscape pillars. In the technology/systems pillar, user-authentication has long been a challenge due to the overuse of passwords and ease at which they can be guessed or cracked. In the human-computerpillar, employees’ mistakes, due to low cybersecurity competencies and skills represent the majority of cybersecurity threats to organizations. Moreover, non-IT employees have low awareness of the magnitude of cybersecurity threats and their impact on organizations, government, and society. On the other hand, increase complexity for computer systems due to demands for heighten security can cause frustration, resistance, and lower productivity. In the socio-political-organizational pillar, identity theft, social engineering, and insider threats are on the rise, while posing eminent threats to the reputation as well as financial stability of individuals, societies, governments, and organizations. Our research focuses on all three cybersecurity pillars by: (a) development of novel approaches to improve user-authentication with biometrics and multi-factor authentication, including their use in e-learning systems; (b) development of innovative tools to measure cybersecurity skills and reduction of human errors related to cybersecurity; as well as (c) development of state-of-the-art tools to identify insider-threats, programs to help mitigation of social engineering and other cyber threats, along with the protection of privacy and corporate intellectual property, threat mitigation and cybersecurity risk management analysis. Over the last 12 years, our Levy CyLab group has published over 35 papers in refereed publications, one patent application, five grant submissions (one internal $10K grant awarded), four external gifts ($7K total), and 21 doctoral students have completed their dissertation research in these areas.Current Research Our current work continues to focus on the human-centric lens of all three cybersecurity pillars with increased emphasis on the development of state-of-the-art tools and prototype applications to assist in the measurement of cybersecurity skills, identify insider-threats, cybersecurity hygiene, along with experimental studies to assist organizations with: business e-mail compromise (BEC), social engineering, cyber threat mitigation, improve business continuity plans and resilience, as well as cybersecurity risk management.
- Cybersecurity Threat Mitigations:
- Social Engineering:
- User Authentication:
For contributions to our efforts, please: Visit the Nova Southeastern University Gift and Donations page1. Under "Gift Area" - select "College of Engineering and Computing"2. Under "Gift Donation" - select "CEC - Center for e-Learning Security Research" Thank you for the generous contribution!
Yair Levy, Ph.D.
levyy AT nova.edu
Current Ph.D. Students and Projects
Alumni and Past Projects
Ph.D. Posters Presented:
- Shauna Beaudin, "An Empirical Study of Authentication Methods to Secure E-learning System Activities Against Impersonation Fraud"- Shonda D. Brown "An Information Privacy Examination of the Practices of Pharmaceutical Companies Regarding Use of Information Collected Through Their Websites" - Melissa Carlton "Development of a Scenarios-Based, Hands-on Measure of Non-IT Professionals' Cybersecurity Skills"- Anita Girton "An Empirical Study on the Role of Cybersecurity Skills on Perceived Need for Actions to Mitigate Cyber Misuse"- Stephen Mujeye "An Experimental Study on the Role of Password Strength and Cognitive Load on Employee Productivity"- Joseph Marnell "An Empirical Investigation of Factors Affecting Resistance to Using Multi-Method Authentication Systems in Public-Access Environments"- Daira Vargas "Social Engineering and Web-Based Authentication: An Assessment of Personal Identifiable Information (PII) Found on Social Networking Tools (SNTs)"- Robert R. Batie "Using a Fingerprint Biometric and a Biometric Personal Identification Number (BIO-PIN) as a Multi-Factor Authentication Mechanism"- Wilnelia Hernández "An Empirical Assessment of Employees' Cyberslacking in the Service Sector"- Joshua Stalker "A Reading Preference and Risk Taxonomy for Printed Proprietary Information Compromise: A Case Study on Corporate E-training in the Defense Industry"- Marlon R. Clarke "The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)"