Views
5 years ago

April 10, 2011 Salzburg, Austria - WOMBAT project

April 10, 2011 Salzburg, Austria - WOMBAT project

Given the fact that the

Given the fact that the final data of the survey has been adjusted to the same scope of the study, they are perfectly homogeneous when it comes to the geographical distribution, gender, size of the household and other relevant sociodemographic variables, that is to say, they do not show variations in those aspects for the purposes of the analysis. 2.1.3 Sampling error In accordance with the criteria of simple random sampling for dichotomic variables in which p=q=0.5 and for a confidence level of 95.5%, the following calculations of the sampling error are established. Sampling error ±1.68%. 2.2 Consistency and robustness of the sample The consistency of the sample, in terms of a possible selfselection bias because of accepting panelists scanning their computer, has been analyzed in detail. It has been concluded that the sample does not show significant bias in this aspect. In order to check the robustness of the analysis, the results of the scans and surveys are monitored throughout the life of the panel. - The results regarding the habits, opinions and attitudes and the Security indicators panel show a considerable - consistency, which corresponds to variables, which change rather slowly under stable conditions. The data of the scanning, expressed as a percentage of malware detections in the months of the life of the panel since January 2007, also show that the variations of the sample are included in the normal variation, established by the sampling error and by the logical and normal development of security habits of Spanish users. The obtained results can be considered suitable and it is possible to establish them as a basis for a future analysis of temporal series, which will allow to measure the past development and predict possible future situations. The sample is, therefore, exempt from bias and structural problems. The variations produced in the sample over time are the result of the panel’s dynamism, which reflects how the incidents detected in the users are evolving. 2.3 Technical design of the system of statistical indicators Every analysis and all the information about security incidents and e-trust, shown in the final report can be simplified in the calculation of a series of indicators that systematically customize the information of the Study in a segmented way. The system consists of six indicators and includes, for example, usage habits, such as the equipment in security or real malware incidents: - Security indicator 1 (SI.1) Tools and security measures indicator - Security indicator 2 (SI.2) Security behaviour and habits indicator - Security indicator 3 (SI.3) e-trust indicator - Security indicator 4 (SI.4) Malware incidents indicator 3 - Security indicator 5 (SI.5) Computers at high risk indicator - Security indicator 6 (SI.6) Computers with high dissemination potential indicator 2.3.1 Objectives and Advantages The system of indicators is expected to serve as a means to monitor the evolution and trends of security on the Internet, as well as the trust of households. The system of indicators, designed by INTECO, has the following benefits: - It is integral, as it encompasses both usage habits and equipment in security, or the real malware incidents. - It is synthetic, as it summarizes all relevant aspects of security into a set of six indicators. - It is sensitive, as it has detected small variations of security and has shown to be relevant to detect risk situations in specific segments of the population. - It is stable, as it permits to have a general vision of the situation of security of any market, segment or sub-segment, related to the scores, whose reference is always 100 on the scale. Even if the number of questions that form the indicator varies, the system would maintain its stability and historical comparability. - It is operative, as it permits to easily detect the system’s vulnerabilities and to instigate measures to reduce them. - It is strategic, as it helps to understand the consequences of the individual situations regarding the lack of protection for the system and it permits to introduce the connection between the Administration’s security policy and users´ individual behaviour. 2.3.2 Status and values of the indicators The value of the six indicators ranges from 0 to 100 points. It is given in points, except for the indicator SI.4: Malware incidents indicator, which shows the percentage of computers with at least one incident of malware, coming from the data of the scanning, and which is included within the system of Indicators, due to the relevance of the data. That is to say, even though the indicator SI.6, Computers with high dissemination potential indicator, has a value of, for example, 27.3, it does not mean that 27.3% of computers have a high dissemination risk, but that the result of the combined calculations used to obtain the result shows a value of 27.3 points. They show a combined calculation of different items and parameters that form each indicator. This system facilitates temporary analysis and comparisons between the different waves. 2.3.3 Structure of the System of Indicators The six indicators are classified into two groups: - Indicators related to protection:SI.1 and SI.2 - Indicators related to risk: SI.4, SI.5, and SI.6.

IS.3, which completes the list, presents users´ perception, i.e. the e-trust indicator represents the balance variable, which evaluates the protection against risks. The first group includes the factors that increase protection, while the second group includes those factors that measure the risks. The system modifies the parameters of the indicators of both groups, in order to keep the perception of users high. In this way, changes in the habits and behavior of Spanish households may be analyzed. The system of the set of indicators is balanced: an increase in the incidents tends to be compensated by more security equipment and prudent habits, in order to restore the balance, marked by high e-Trust (Figure 2). 2.3.3.1 SI.1 Tools and security measures indicator It measures the equipment and the adoption of security measures. It is calculated according to certain measures of the available security equipment by comparing the data with an optimal security situation, which is reached with full equipment. The equipment for the calculation of the indicator includes the security measures that are most used: antivirus programs, firewalls, pop-up blockers, deletion of temporary files and cookies, antispam programs, antispyware, passwords (equipment and documents), security updates of the operating system, backups of important files and document encryption. The calculation of the indicator does not only focus on the security of the system, but also includes measures that favor the security of information. 2.3.3.2 SI.2 Security behaviour and habits indicator Measures the type of behaviour and secure habits during Internet browsing and the use of specific online services, synthesising the points obtained on the following aspects: - Behaviour when browsing. - Behaviour in electronic mail. - Behaviour in the use of social networks, chats and instant messaging. - Behaviour in online banking and electronic commerce. - Behaviour in the use of file exchange networks (P2P). These sections in turn are subdivided into conceptual subgroups for each area. - Internet browsing: includes behaviours such as clicking on interesting or attractive advertisements although the advertiser is not known; or not analysing, manually or automatically, with the antivirus program every file downloaded from the Internet before opening/executing it. - Using electronic mail: whether users download and open files attached to electronic mails from strangers or open files they did not request if they seem interesting, or if they analyse all attachments with an antivirus program before opening them, etc. - Using social networks/chats/instant messaging: whether users reject invitations/messages from users they do not know, if they avoid clicking on invitations from strangers to visit web sites, or if they add strangers contact details to their instant messaging program, etc. 4 - Use of online banking and electronic commerce: whether users perform online transactions (payments, purchases, transfers, etc.) checking that the connection is secure (https protocol, validity and currency of certificate), etc. - Use of file exchange networks (P2P): whether, for example, users analyse with their antivirus program all files downloaded from P2P networks, etc. All these features are recorded for the entire set of users depending on the use they make of the aspects and the importance assigned to each section. 2.3.3.3 SI.3 e-trust indicator This indicator measures users' subjective perception of security when they use the Internet. It is made up with the scores obtained for the following criteria on perception of security (with respect to the maximum possible score): whether, in general, the Internet is more secure; if users think that security is or is not a limiting factor when taking on new Internet services; their perception on the change in security (measured in number of incidents and seriousness compared to 3 months ago), and degree of agreement with the statement "I consider my computer to be reasonably well protected". 2.3.3.4 SI.4 Malware incidents indicator This indicator shows the percentage of computers with some malware detected during scanning of household computers. 2.3.3.5 SI.5 Computers at high risk indicator This indicator reflects the percentage of domestic equipment in which the audit detected at least one high risk malware incident. Detected malicious codes are catalogued into 4 risk groups (from higher to lower) according to the following distribution: - High risk: trojans - backdoor programs, bankers, keyloggers, diallers - viruses, worms, exploits and rootkits. - Medium risk: spyware programs, adware programs, scripts and files detected heuristically - Low risk: joke programs and intrusion tools. - Without risk: equipment where malware was not detected. 2.3.3.6 SI.6 Computers with high dissemination potential indicator This synthetic indicator takes into consideration users' behaviour and habits that, to a greater or lesser extent, could result in a high level of dissemination of malware to other users and to their own system. It includes the following elements: - Whether the equipment is up to date with respect to operating system updates (data obtained from the program for analysing actual incidents). - Whether any malware in the worm or script categories was detected on the equipment. - If users declared that they download any type of file from the Internet. - If instant messaging services were used. - If users declared that they share files/software without checking whether they are or are not infected.

D06 (D3.1) Infrastructure Design - WOMBAT project
6-9 December 2012, Salzburg, Austria Social Programme
D I P L O M A R B E I T - Salzburg Research
D I P L O M A R B E I T - Salzburg Research
D I P L O M A R B E I T - Salzburg Research
ECCMID meeting Vienna, Austria 10-13 April 2010 - European ...
Communication Plan for EGU 2011 April 3-8, 2011, Vienna, Austria
8th Liquid Matter Conference September 6-10, 2011 Wien, Austria ...
8th Liquid Matter Conference September 6-10, 2011 Wien, Austria ...
April 10, 2011 - University of Cambridge
Top 10 Project Management Trends for 2011 from ESI International