PapersFlow Research Brief
Information and Cyber Security
Research Guide
What is Information and Cyber Security?
Information and Cyber Security is the field focused on information security policy compliance, awareness, and behavioral intentions in organizations, encompassing deterrence, attack graphs, risk management, insider threats, game theory, and cybersecurity.
This field includes 88,624 works addressing security administration through models like role-based access control. Papers examine influences such as rationality-based beliefs, fear appeals, and protection motivation on security behaviors. Organizational culture and top management play roles in policy compliance.
Research Sub-Topics
Information Security Policy Compliance
This sub-topic examines employee adherence to organizational security policies, influenced by factors like rationality-based beliefs, awareness training, and organizational culture. Researchers study models integrating protection motivation theory and deterrence to predict compliance behaviors.
Insider Threat Detection
This area focuses on identifying and mitigating risks from malicious or negligent insiders using behavioral analytics, anomaly detection, and access control models. Researchers develop frameworks combining user profiling and machine learning for real-time threat assessment.
Cybersecurity Deterrence Theory
Researchers investigate deterrence mechanisms, including certainty and severity of punishment, to discourage cyber attacks through game-theoretic models and empirical studies. This includes analysis of rational choice and fear appeals in attacker decision-making.
Attack Graph Modeling
This sub-topic develops graphical representations of multi-stage attack paths in networks to assess vulnerabilities and predict exploit sequences. Studies emphasize automated generation, risk quantification, and mitigation planning using formal methods.
Role-Based Access Control
Focuses on RBAC models for enforcing least privilege and separation of duties in information systems through policy specification and administration. Researchers address scalability, dynamic roles, and integration with emerging technologies like cloud computing.
Why It Matters
Information and Cyber Security directly impacts organizational risk reduction by improving employee compliance with policies. Sandhu et al. (1996), in "Role-based access control models" (5747 citations), simplified security administration for large systems, enabling scalable access control. Denning (1987), in "An Intrusion-Detection Model" (cited 3290 times), provided a real-time expert system that detects intrusions by monitoring audit records for abnormal patterns. Bulgurcu, Hasan Cavusoglu, Benbasat (2010), in "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness" (1777 citations), showed employees as assets in risk mitigation when aware and rational. Langner (2011), in "Stuxnet: Dissecting a Cyberwarfare Weapon" (1789 citations), analyzed the first cyber warfare weapon targeting industrial systems, demonstrating attack complexity.
Reading Guide
Where to Start
"Role-based access control models" by Sandhu et al. (1996), as it provides a foundational framework for simplifying security administration in large systems, cited 5747 times.
Key Papers Explained
Sandhu et al. (1996) "Role-based access control models" establishes core access control models, which Denning (1987) "An Intrusion-Detection Model" complements by adding real-time intrusion monitoring via audit records. Bulgurcu, Hasan Cavusoglu, Benbasat (2010) "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness" builds on these by linking technical models to human behavioral compliance. Langner (2011) "Stuxnet: Dissecting a Cyberwarfare Weapon" applies concepts to advanced threats, while Washington Usa August, David Moore, Geoffrey M. Voelker, Stefan Savage (2004) "USENIX Security Symposium" quantifies attack prevalence.
Advanced Directions
The field centers on policy compliance, deterrence, and behavioral intentions, with no recent preprints or news. Focus remains on established models like RBAC and intrusion detection amid ongoing organizational applications.
Papers at a Glance
| # | Paper | Year | Venue | Citations | Open Access |
|---|---|---|---|---|---|
| 1 | Role-based access control models | 1996 | Computer | 5.7K | ✕ |
| 2 | An Intrusion-Detection Model | 1987 | IEEE Transactions on S... | 3.3K | ✕ |
| 3 | Proceedings of the 11th USENIX Security Symposium | 2002 | — | 2.5K | ✕ |
| 4 | Validating Instruments in MIS Research | 1989 | MIS Quarterly | 2.5K | ✕ |
| 5 | Usenix Security Symposium | 2011 | IEEE Software | 2.0K | ✕ |
| 6 | Security Engineering: A Guide to Building Dependable Distribut... | 2001 | — | 1.8K | ✕ |
| 7 | Stuxnet: Dissecting a Cyberwarfare Weapon | 2011 | IEEE Security & Privacy | 1.8K | ✕ |
| 8 | Information Security Policy Compliance: An Empirical Study of ... | 2010 | MIS Quarterly | 1.8K | ✕ |
| 9 | Telling Lies: Clues to Deceit in the Marketplace, Politics, an... | 1985 | — | 1.7K | ✕ |
| 10 | USENIX Security Symposium | 2004 | IEEE Security & Privacy | 1.5K | ✕ |
Frequently Asked Questions
What is role-based access control in information security?
Role-based access control simplifies security administration of large systems by assigning permissions to roles rather than individuals. Sandhu et al. (1996) in "Role-based access control models" describe four reference models for this approach. It receives attention for effective security review and administration.
How does intrusion detection work in cyber security?
Intrusion detection monitors system audit records for abnormal patterns indicating break-ins or abuse. Denning (1987) in "An Intrusion-Detection Model" outlines a real-time expert system based on this hypothesis. The model detects security violations through pattern analysis.
What factors influence information security policy compliance?
Rationality-based beliefs and information security awareness drive employee compliance with policies. Bulgurcu, Hasan Cavusoglu, Benbasat (2010) in "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness" confirm employees reduce risks when complying. Organizational rules position employees as assets against threats.
What was Stuxnet in cyber warfare?
Stuxnet was the first cyber warfare weapon, more complex than prior malware with a new attack approach. Langner (2011) in "Stuxnet: Dissecting a Cyberwarfare Weapon" details its dissection and non-conventional methods. It marked a turning point in cybersecurity history.
How prevalent are denial-of-service attacks?
Denial-of-service attacks occur with measurable prevalence in the Internet. Washington Usa August, David Moore, Geoffrey M. Voelker, Stefan Savage (2004) in "USENIX Security Symposium" quantify their nature and trends. The work enables analysis of recurring patterns.
What role does top management play in security?
Top management and organizational culture improve compliance with information security policies. The field description highlights their influence on behaviors. Papers cover deterrence and awareness shaped by leadership.
Open Research Questions
- How can rationality-based beliefs be optimized to enhance employee compliance across diverse organizational cultures?
- What new patterns in audit records indicate evolving insider threats undetected by current intrusion models?
- How do game theory models predict attacker-defender dynamics in real-time cyber warfare scenarios like Stuxnet?
- Which role-based access control extensions best mitigate risks in distributed systems?
- How do fear appeals and protection motivation interact with deterrence in behavioral security intentions?
Recent Trends
The field maintains 88,624 works with no specified 5-year growth rate.
Top-cited papers from 1987-2011, such as Sandhu et al. with 5747 citations, continue dominating.
No recent preprints or news indicate steady emphasis on policy compliance and awareness.