The Security Expertise Assessment Measure (SEAM): Developing a scale for hacker expertise

Justin Scott Giboney, Jeffrey Gainer Proudfoot, Sanjay Goel, Joseph S Valacich

Research output: Contribution to journalArticle

6 Scopus citations

Abstract

Hackers pose a continuous and unrelenting threat. Industry and academic researchers alike can benefit from a greater understanding of how hackers engage in criminal behavior. A limiting factor of hacker research is the inability to verify that self-proclaimed hackers participating in research actually possess their purported knowledge and skills. This paper develops and validates a conceptual-expertise-based tool that we call SEAM that can be used to discriminate between novice and expert hackers. This tool has the potential to provide information systems researchers with the following two key capabilities: (1) maximizing the generalizability of hacking research by verifying the legitimacy of hackers involved in data collections, and (2) segmenting samples of hackers into different groups based on skill thereby allowing more granular analyses and insights. This paper reports on samples from four different groups: security experts, students, security workers, and Amazon Mechanical Turk hackers. SEAM was able to differentiate between security expertise in different populations (e.g., experts and student novices). We also provide norm development by measuring security workers and Amazon Mechanical Turk hackers.

Original languageEnglish (US)
Pages (from-to)37-51
Number of pages15
JournalComputers and Security
Volume60
DOIs
Publication statusPublished - Jul 1 2016

    Fingerprint

Keywords

  • Conceptual expertise
  • Hacker ability
  • Hacking techniques
  • Security knowledge
  • Skill measurement

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Cite this