Levy CyLab

The research in our laboratory focuses on addressing the following three key research areas and their interconnections: Cybersecurity, Social-Engineering, and User-authentication.

Overview

Figure 1: Cybersecurity Landscape Cybersecurity threats and vulnerabilities are causing substantial financial losses for individuals, organizations, and government agencies all over the world. Such cybersecurity landscape can be classified under three major pillars: (a) technology/system, (b) human-computer, and (c) socio-political-organizational (See Figure 1). One of the weakest links in the cybersecurity chain has to do with the individuals who are using and protecting such systems. The focus of our Levy CyLab research group is to work on diverse projects related to the human-centric lens (also known as "Human Factor in Cybersecurity") of all three cybersecurity landscape pillars. In the technology/systems pillar, user-authentication has long been a challenge due to the overuse of passwords and ease at which they can be guessed or cracked along with increase password entropy that impact employee productivity. In the human-computer pillar, employees’ mistakes, falling to social engineering and phishing attacks due to low cybersecurity awareness, knowledge, competencies, skills, and what is known by the 2002 Nobel Prize Laureate, Princeton University's Professor Daniel Kahneman as “System 1” thinking (or what we call “oh shoot syndrome”) represent the majority of cybersecurity threats to organizations. Moreover, non-IT employees have low awareness of the magnitude of cybersecurity threats and their impact on organizations, government, and society. On the other hand, increasing complexity for computer systems due to demands for heightened security can cause frustration, resistance, and lower productivity. In the socio-political-organizational pillar, identity theft, social engineering, phishing, and insider threats are on the rise, which pose eminent threats to the reputation as well as financial stability of individuals, organizations, governments, and societies. Our research focuses on all three cybersecurity pillars by: (a) development of novel approaches to improve user-authentication including their role in reducing organizational cyber risk; (b) development of innovative tools to measure cybersecurity skills and reduction of human errors related to cybersecurity; as well as (c) development of state-of-the-art tools to identify insider-threats, programs to help mitigation of social engineering, phishing attacks, and other cyber threats, along with the protection of privacy and corporate intellectual property, threat mitigation and cybersecurity risk management analysis. Over the last 15 years, the Levy CyLab research group has published over 48 papers in refereed publications, one patent application, seven grant submissions (one internal $10K grant awarded & one external DoD/NSA $128K awarded for 2019-2020 academic year), four external gifts ($8K total), and 24 doctoral students have completed their dissertation research in these areas.

Current Research

Our current work continues to focus on the human-centric lens (human factor) of all three cybersecurity pillars with increased emphasis on the development of state-of-the-art tools and prototype applications to assist in the measurement of cybersecurity skills, human errors, identify insider-threats, cybersecurity hygiene, along with experimental studies to assist organizations with: Business E-mail Compromise (BEC), social engineering and phishing, cyber threat mitigation, improve business continuity plans, resilience, and general cybersecurity risk management.

- Cybersecurity Threat Mitigations:

Assessment of cybersecurity skills, competencies, and awareness among employees/individuals
Detecting Identity theft and privacy threat vectors
Cyber risk management
Increasing collaboration with Federal law enforcement agencies on cyber incidents

- Social Engineering:

Social engineering (phishing & vishing) threat mitigation and prevention
Cybersecurity hygiene
Detection and prevention of Business E-mail Compromise (BEC)
Security, Education, Training, and Awareness (SETA) programs
Organizational and employee resilience to social engineering

- User Authentication:

User authentication (Via Web/mobile or physical at work/home)
Resistance to biometric and multi-factor authentication
Reduced employee productivity due to increased user authentication measures

For contributions to our efforts, please:
Visit the Nova Southeastern University Gift and Donations page
1. Under "Gift Area" - select "College of Computing and Engineering"
2. Under "Gift Donation" - select "Other"
3. Please specify by typing - "For Levy CyLab"

Thank you for the generous contribution!

Principal Investigator

Yair Levy, Ph.D., Professor of IS and Cybersecurity
College of Computing and Engineering
Department of Computing

levyy AT nova.edu

Current Ph.D. Students and Projects:

	Amy Antonucci, Ph.D. Student Dissertation title: "Pause for a Cybersecurity Cause: Assessing the Influence of a Waiting Period on User Habituation in Mitigation of Phishing Attacks" aa2539 AT mynsu.nova.edu
	Molly Cooper, Ph.D. Student Dissertation title: "Assessment of Audio and Visual Warnings to Mitigate Risk of Phishing Attacks" mc3300 AT mynsu.nova.edu
	Gabriel Cornejo, Ph.D. Student Dissertation title: "Human Errors in Cybersecurity Breaches: An Empirical Investigation using fuzzy-set Qualitative Comparative Analysis (fsQCA)" gc721 AT mynsu.nova.edu
	Javier Coto, Ph.D. Student Dissertation title: "An Empirical Investigation of Static and Polymorphic Tactile Stimuli’s Effect on Habituation to Mitigate Ransomware Attack Vector" jc3379 AT mynsu.nova.edu
	Keiona Davis, Ph.D. Candidate Dissertation title: "The Role of Cybersecurity Responsibility in Small to Medium Enterprises (SMEs) on Risk of Point-of-Sale (POS) Data Breach" keiona AT mynsu.nova.edu
	Andrea Di Fabio, Ph.D. Student Dissertation title: "Development and Validation of a User Cyber Activity Risk Scoring Model Using Domain Name Category Ranking" ad2045 AT mynsu.nova.edu
	Emmanuel Jigo, Ph.D. Candidate Dissertation title: "Development of Criteria for Mobile Device Cybersecurity Threat Classification and Communication Standard using Labels, Pictogram, as well as Safety Data Sheets" ej459 AT mynsu.nova.edu
	Tommy Pollock, Ph.D. Student Dissertation title: "Experimental Study to Assess the Role of Environment and Device Type on the Success of Social Engineering Attacks: The Case of Judgment Errors" tp809 AT mynsu.nova.edu
	Kevin Parviz, Ph.D. Student Dissertation title: "Development of a Multivariate Statistical Methodology for Expeditious Computer Forensics Triage" kp1094 AT mynsu.nova.edu
	William Shawn Wilkerson, Ph.D. Candidate Dissertation title: "Development of a Social Engineering Exposure Index using Open Source Personal Information" ww364 AT mynsu.nova.edu

Current Interns/Undergraduate Students and Projects:

	Emily Africk, Undergraduate Intern Project title: "An Examination of Historic Data Breach Incidents: What Cybersecurity Big Data Visualization and Analytics Can Tell Business Executives?" eafrick AT umich.edu

Alumni and Past Projects

	Shahar (Sean) Aviv, Ph.D. - ExcelNet.com Dissertation title (2019): "An Examination of User Detection of Business Email Compromise Amongst Corporate Professionals"
	Robert R. Batie, Ph.D. - Modern Technology Solutions, Inc. (MTSI) Dissertation title (2016): "Assessing the Effectiveness of a Fingerprint Biometric and a Biometric Personal Identification Number (BIO-PIN) as a Multi-Factor Authentication Mechanism"
	Shauna Beaudin, Ph.D. - Southern New Hampshire University Dissertation title (2017): "An empirical study of authentication methods to secure e-learning system activities against impersonation fraud"
	Carlene Blackwood-Brown, Ph.D. - Seneca College of Applied Arts and Technology & Sheridan College Dissertation title (2018): "An empirical assessment of senior citizens’ cybersecurity awareness, motivation to pursue training, and perceived risk of identity theft"
	Sandra J. Blanke, Ph.D. - University of Dallas Dissertation title (2008): "A study of the contributions of attitude, computer security policy awareness, and computer self-efficacy to the employees' computer abuse intention in business environments."
	Shonda D. Brown, Ph.D. - CIGNA Healthcare and Middle State Georgia University Dissertation title (2015): "An information privacy examination of the practices of pharmaceutical companies regarding use of information collected through their Websites."
	Melissa Carlton, Ph.D. - Huston Buptist University Dissertation title (2016): "Development of a cybersecurity skills index: A scenarios-based, hands-on measure of non-IT professionals’ cybersecurity skills"
	MinSuk Choi, Ph.D. Dissertation title (2013): "Assessing the role of user computer self-efficacy, cybersecurity countermeasures awareness, and cybersecurity skills toward computer misuse intention at government agencies."
	Karla Clarke, Ph.D. - KPMG Cybersecurity Consulting - Middle Georgia State University Dissertation title (2018): "Novel alert visualization: The development of a visual analytics prototype for mitigation of malicious insiders cyber threat"
	Marlon Clarke, Ph.D. - Director of IT Security - MagicLeap Dissertation title (2010): "The role of self-efficacy in computer security behavior: Developing the construct of computer security self-efficacy (CSSE)."
	Theon Danet, Ph.D. - SRA International Dissertation title (2006): "A study of the impact of users' involvement, resistance, and computer self-efficacy on the success of a centralized identification system implementation."
	Darrell Eilts, Ph.D. - Hancock Whitney and Loyola University New Orleans Dissertation title (2020): "An Empirical Assessment of Cybersecurity Readiness and Resilience in Small Businesses"
	Abbe E. Forman, Ph.D. - ECPI University Dissertation title (2009): "An exploratory study on the factors associated with ethical intention of digital piracy."
	Jodi Goode, Ph.D. - Howard Payne University - CIO Dissertation title (2018): "Comparing training methodologies on employee’s cybersecurity awareness and skills in traditional and socio-technical programs"
	Robert J. Hambly, Ph.D. - Defense Media Activity (DMA) Dissertation title (2016): "Towards assessing the willingness of intelligence analysts to contribute to Knowledge Management Systems (KMS) in highly classified environments."
	Wilnelia Hernandez, Ph.D. - Universidad del Turabo, Puerto Rico (USA) Dissertation title (2016): "An empirical assessment of employees cyberslacking in the public sector."
	Angel Hueca, Ph.D. - CERT US and Northeastern University Dissertation title (2018): "Development and Validation of a Proof-of-Concept for Malicious Cybersecurity Insider Threats Alerting System Utilizing Analytics-based Visualization in Real-Time"
	Kenrie Hylton, Ph.D. - Northern Caribbean University Dissertation title (2012): "An experiment using Webcam-based surveillance to deter information systems misuse."
	Okay Igbonagwam, Ph.D. - Saint Leo University and Lockheed Martin Dissertation title (2008): "The contribution of security clearance, users’ involvement, and computer self-efficacy in the efficiency of requirements-gathering process: An information-systems case study in the U.S. military."
	Gerald D. Johnson, Ph.D. Dissertation title (2012): "Development of an audit classification index (ACI) for federal e-learning systems security vulnerabilities."
	Joseph Marnell, Ph.D. - Wayland Baptist University Dissertation title (2016): "An Empirical Investigation of Factors Effecting Resistance to Use Multi-Factor Authentication Systems in Public-Access Environments"
	Herb J. Mattord, Ph.D. - Kennesaw State University Dissertation title (2012): "Assessment of Web-based authentication methods in the U.S.: Comparing e-learning systems to Internet healthcare information systems."
	Stephen Mujeye, Ph.D. - American InterContinental University Dissertation title (2016): "An Experimental Study on the Role of Password Strength and Cognitive Load on Employee Productivity"
	Richard Nilsen, Ph.D. - DoD and Middle Georgia State University Dissertation title (2017): "Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges"
	Guillermo (Will) Perez, Ph.D. - Royal Caribbean Cruises Dissertation title (2019): "Cyber Situational Awareness and Cyber Curiosity Taxonomy for Understanding Susceptibility of Social Engineering Attacks in the Maritime Industry"
	Garrett Smiley, Ph.D. - Serco and Northcentral University Dissertation title (2013): "Investigating the role of multibiometric authentication on professional certification e-examination."
	Joshua D. Stalker, Ph.D. - ASRC Federal Dissertation title (2012): "A reading preference and risk taxonomy for printed proprietary information compromise in the aerospace and defense industry."
	Raymond Wells, Ph.D. - The College of The Bahamas and Bahamas National Insurance Board Dissertation title (2012): "An empirical assessment of factors contributing to individuals’ propensity to commit software piracy in The Bahamas."