The research in our laboratory focuses on addressing the following four key research areas and their interconnections: Cybersecurity, User-authentication, Privacy, and Social-Engineering


Figure 1: Cybersecurity LandscapeCybersecurity threats and vulnerabilities are causing substantial financial losses for individuals, organizations, and government agencies all over the world. Such cybersecurity landscape can be classified under three major pillars: (a) technology/system, (b) human-computer, and (c) socio-political-organizational (Figure 1). One of the weakest links in the cybersecurity chain has to do with the individuals who are using and protecting such systems. The focus of our Levy CyLab research group is to work on diverse projects related to the human-centric lens of all three cybersecurity landscape pillars. In the technology/systems pillar, user-authentication has long been a challenge due to the overuse of passwords and ease at which they can be guessed or cracked. In the human-computer pillar, employees’ mistakes, due to low cybersecurity competencies and skills represent the majority of cybersecurity threats to organizations. Moreover, non-IT employees have low awareness of the magnitude of cybersecurity threats and their impact on organizations, government, and society. On the other hand, increase complexity for computer systems due to demands for heighten security can cause frustration, resistance, and lower productivity. In the socio-political-organizational pillar, identity theft, social engineering, and insider threats are on the rise, while posing eminent threats to the reputation as well as financial stability of individuals, societies, governments, and organizations. Our research focuses on all three cybersecurity pillars by: (a) development of novel approaches to improve user-authentication with biometrics and multi-factor authentication, including their use in e-learning systems; (b) development of innovative tools to measure cybersecurity skills and reduction of human errors related to cybersecurity; as well as (c) development of state-of-the-art tools to identify insider-threats, programs to help mitigation of social engineering and other cyber threats, along with the protection of privacy and corporate intellectual property, threat mitigation and cybersecurity risk management analysis. Over the last 12 years, our Levy CyLab group has published over 35 papers in refereed publications, one patent application, five grant submissions (one internal $10K grant awarded), four external gifts ($7K total), and 21 doctoral students have completed their dissertation research in these areas.

Current Research

Our current work continues to focus on the human-centric lens of all three cybersecurity pillars with increased emphasis on the development of state-of-the-art tools and prototype applications to assist in the measurement of cybersecurity skills or identify insider-threats, along with experimental studies to assist organizations with: reducing employee resistance to biometric and multi-factor authentication, maintaining employee productivity while increasing cybersecurity measures, threat mitigation, and cybersecurity risk management analysis.

"Mitigation of human error is a challenging science. Don't get me wrong; I'm not saying that humans are not smart! We have been able to achieve some amazing things. Look at the advancements made in aerospace, medical technology, automobiles, ships, computers, smartphones, the Internet, etc. But, what I'm saying is: people, even the smartest of them, make mistakes. When it comes to cybersecurity, mistakes can be very costly for an individual and/or their organization. Therefore, my first current research focus can be summed up as: what "patches" for human errors in cybersecurity can researchers and industry professionals develop, while at the same time how effective are these "patches" in mitigation of cyber threats or attacks?" - Yair Levy, Ph.D.

Two of our recent key research questions are:
RQ1a - What "patches" for human error in cybersecurity could be developed?
RQ1b - How effective such "patches" are, and for how long (decay)?

"Since the late 19th century, a car driver is required to be licensed in order to operate an automotive. Since the early 20th century, a plane operator is required to obtain a license after demonstrating their ability to operate an airplane, knowledge about aeronautics/weather/etc., and their skills in taking off, flying, and landing in front of an experienced licensed pilot examiner. Other professions including engineers, nurses, architects, physicians, pharmacists, electricians, plumbers, and many more require licenses. With the increase in breaches in cybersecurity, we must question the role of licensure in the cybersecurity field. Therefore, my second current research focus can be summed up as: what constitutes cybersecurity competency?" - Yair Levy, Ph.D.

Two other critical research questions that focuses on competency, Knowledge/Skills/Abilities (KSAs), etc. are:
RQ2a - What constitute cybersecurity competency for Internet users, and professionals in the field?
RQ2b - What tools/techniques/processes can we develop to measures cybersecurity competency?

- Cybersecurity Threat Mitigations:

- Limited cybersecurity skills, competencies, and awareness among employees/individuals
- Identity theft and privacy threats vectors
- Cybersecurity and social engineering threat mitigation, prevention, as well as risk management analysis (RMA)

- User Authentication:

- User authentication (Via Web/mobile or physical at work/home)
- Resistance to biometric and multi-factor authentication
- Reduced employee productivity due to increase user authentication measures

- E-Learning Security:

- Authenticating e-learning users
- Sustainability and protection of e-learning systems
- Classification/quality measures of e-learning systems security

For additional areas of research in e-learning security, also visit the Center for e-Learning Security Research (CeLSR)

For contributions to our Center for e-Learning Security Research efforts, please:
Visit the Nova Southeastern University Gift and Donations page
1. Under "Gift Area" - select "College of Engineering and Computing"
2. Under "Gift Donation" - select "CEC - Center for e-Learning Security Research"

Thank you for the generous contribution!

Principal Investigator

Yair Levy, Ph.D. - Levy CyLab PI
Yair Levy, Ph.D.                                                                                                                                             levyy AT nova.edu

Current Ph.D. Students and Projects

Shahar Aviv, Ph.D. Student
Shahar (Sean) Aviv, Ph.D. Candidate
Dissertation title: "An Examination of User Detection of Business Email Compromise Amongst Corporate Professionals"
aviv AT mynsu.nova.edu
Carlene Blackwood-Brown, Ph.D. Student Carlene Blackwood-Brown, Ph.D. Candidate
Dissertation title and abstract: An Empirical Assessment of Senior Citizens’ Cybersecurity Awareness, Motivation to Pursue Training, and Perceived Risk of Identity Theft
cb2136 AT mynsu.nova.edu

Karla Clarke, Ph.D. Candidate Karla Clarke, Ph.D. Candidate
Dissertation title: "Novel Alert Visualization: The Development of a Visual Analytics Prototype for Mitigation of Malicious Insiders Cyber Threat"
kc1127 AT mynsu.nova.edu
Gabriel Cornejo, Ph.D. Student Gabriel Cornejo, Ph.D. Student
Dissertation title: "Human Errors in Cybersecurity Breaches: An Empirical Investigation using fuzzy-set Qualitative Comparative Analysis (fsQCA)"
gc721 AT mynsu.nova.edu
Keiona Davis, Ph.D. Candidate Keiona Davis, Ph.D. Candidate
Dissertation title: "The Role of Cybersecurity Responsibility in Small to Medium Enterprises (SMEs) on Risk of Point-of-Sale (POS) Data Breach"
keiona AT mynsu.nova.edu
Samuel Espana-Lopez, Ph.D. Student Samuel Espana-Lopez, Ph.D. Student
Dissertation title: "Development of the Mobile Application Security Invasiveness Index: Assessing Mobile Applications Cyber Threats and Information Handling"
espana AT mynsu.nova.edu
Jodi Goode, Ph.D. Student Jodi Goode, Ph.D. Candidate
Dissertation title: "Comparing Training Methodologies on Employee’s Cybersecurity Awareness and Skills in Traditional and Socio-Technical Programs"
jp1587 AT mynsu.nova.edu

Angel Hueca, Ph.D. Student Angel Hueca, Ph.D. Candidate
Dissertation title: "Development and Validation of a Proof-of-Concept for Malicious Cybersecurity Insider Threats Alerting System Utilizing Analytics-based Visualization in Real-Time"
ah1676 AT mynsu.nova.edu
Guillermo (Will) Perez, Ph.D. Student Guillermo (Will) Perez, Ph.D. Student
Dissertation title: "Cyber Situational Awareness and Cyber Curiosity Taxonomy for Understanding Susceptibility of Social Engineering Attacks in the Maritime Industry"
gp90 AT mynsu.nova.edu
William Shawn Wilkerson, Ph.D. Student William Shawn Wilkerson, Ph.D. Candidate
Dissertation title: "Development of a Social Engineering Exposure Index using Open Source Personal Information"
ww364 AT mynsu.nova.edu

Alumni and Past Projects


Robert Batie, Ph.D.

Robert R. Batie, Ph.D. - Raytheon
Dissertation title (2016): "Assessing the Effectiveness of a Fingerprint Biometric and a Biometric Personal Identification Number (BIO-PIN) as a Multi-Factor Authentication Mechanism"

Sandra J. Blanke, Ph.D.
Sandra J. Blanke, Ph.D. - University of Dallas
Dissertation title (2008): "A study of the contributions of attitude, computer security policy awareness, and computer self-efficacy to the employees' computer abuse intention in business environments."

Shonda D. Brown, Ph.D.
Shonda D. Brown, Ph.D. - CIGNA Healthcare and Middle State Georgia University
Dissertation title (2015): "An information privacy examination of the practices of pharmaceutical companies regarding use of information collected through their Websites."

Shauna Beaudin, Ph.D.

Shauna Beaudin, Ph.D. - Southern New Hampshire University
Dissertation title: "An Empirical Study of Authentication Methods to Secure E-learning System Activities Against Impersonation Fraud"
Melissa Carlton, Ph.D.
Melissa Carlton, Ph.D.
Dissertation title (2016): "Development of a cybersecurity skills index: A scenarios-based, hands-on measure of non-IT professionals’ cybersecurity skills"

MinSuk Choi, Ph.D.
MinSuk Choi, Ph.D.
Dissertation title (2013): "Assessing the role of user computer self-efficacy, cybersecurity countermeasures awareness, and cybersecurity skills toward computer misuse intention at government agencies."

Marlon Clarke, Ph.D.
Marlon Clarke, Ph.D. - Director of IT Security
Dissertation title (2010): "The role of self-efficacy in computer security behavior: Developing the construct of computer security self-efficacy (CSSE)."

Theon Danet, Ph.D.
Theon Danet, Ph.D. - SRA International
Dissertation title (2006): "A study of the impact of users' involvement, resistance, and computer self-efficacy on the success of a centralized identification system implementation."

Abbe E. Forman, Ph.D.

Abbe E. Forman, Ph.D. - ECPI University
Dissertation title (2009): "An exploratory study on the factors associated with ethical intention of digital piracy."
Robert Hambly, Ph.D.
Robert J. Hambly, Ph.D. - Defense Media Activity (DMA)
Dissertation title (2016): "Towards assessing the willingness of intelligence analysts to contribute to Knowledge Management Systems (KMS) in highly classified environments."

Wilnelia Hernandez, Ph.D.
Wilnelia Hernandez, Ph.D. - Universidad del Turabo, Puerto Rico (USA)
Dissertation title (2016): "An empirical assessment of employees cyberslacking in the public sector."

Kenrie Hylton, Ph.D.
Kenrie Hylton, Ph.D. - Northern Caribbean University
Dissertation title (2012): "An experiment using Webcam-based surveillance to deter information systems misuse."

Okay Igbonagwam, Ph.D.
Okay Igbonagwam, Ph.D.
Dissertation title (2008): "The contribution of security clearance, users’ involvement, and computer self-efficacy in the efficiency of requirements-gathering process: An information-systems case study in the U.S. military."

Gerald D. Johnson, Ph.D.
Gerald D. Johnson, Ph.D.
Dissertation title (2012): "Development of an audit classification index (ACI) for federal e-learning systems security vulnerabilities."
Joseph Marnell, Ph.D. Joseph Marnell, Ph.D. - Wayland Baptist University
Dissertation title (2016): "An Empirical Investigation of Factors Effecting Resistance to Use Multi-Factor Authentication Systems in Public-Access Environments"

Herb J. Mattord, Ph.D.
Herb J. Mattord, Ph.D. - Kennesaw State University
Dissertation title (2012): "Assessment of Web-based authentication methods in the U.S.: Comparing e-learning systems to Internet healthcare information systems."

Stephen Mujeye, Ph.D. Candidate
Stephen Mujeye, Ph.D.
Dissertation title (2016): "An Experimental Study on the Role of Password Strength and Cognitive Load on Employee Productivity"

Richard Nilsen, Ph.D. Student
Richard Nilsen, Ph.D.
Dissertation title (2017): "Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges"

Garrett Smiley, Ph.D.
Garrett Smiley, Ph.D. - Northcentral University
Dissertation title (2013): "Investigating the role of multibiometric authentication on professional certification e-examination."

Joshua D. Stalker, Ph.D.
Joshua D. Stalker, Ph.D.
Dissertation title (2012): "A reading preference and risk taxonomy for printed proprietary information compromise in the aerospace and defense industry."

Raymond Wells, Ph.D.
Raymond Wells, Ph.D. - The College of The Bahamas and Bahamas National Insurance Board
Dissertation title (2012): "An empirical assessment of factors contributing to individuals’ propensity to commit software piracy in The Bahamas."


Masters Projects/Posters

- See Masters Students projects via our Center for Information Protection, Education, and Research (CIPhER)

Ph.D. Posters Presented

- Shauna Beaudin, "An Empirical Study of Authentication Methods to Secure E-learning System Activities Against Impersonation Fraud"
- Shonda D. Brown "An Information Privacy Examination of the Practices of Pharmaceutical Companies Regarding Use of Information Collected Through Their Websites"

- Melissa Carlton "Development of a Scenarios-Based, Hands-on Measure of Non-IT Professionals' Cybersecurity Skills"
- Anita Girton "An Empirical Study on the Role of Cybersecurity Skills on Perceived Need for Actions to Mitigate Cyber Misuse"
- Stephen Mujeye "An Experimental Study on the Role of Password Strength and Cognitive Load on Employee Productivity"
- Joseph Marnell "An Empirical Investigation of Factors Affecting Resistance to Using Multi-Method Authentication Systems in Public-Access Environments"
- Daira Vargas "Social Engineering and Web-Based Authentication: An Assessment of Personal Identifiable Information (PII) Found on Social Networking Tools (SNTs)"
- Robert R. Batie "Using a Fingerprint Biometric and a Biometric Personal Identification Number (BIO-PIN) as a Multi-Factor Authentication Mechanism"
- Wilnelia Hernández "An Empirical Assessment of Employees' Cyberslacking in the Service Sector"
- Joshua Stalker "A Reading Preference and Risk Taxonomy for Printed Proprietary Information Compromise: A Case Study on Corporate E-training in the Defense Industry"
- Marlon R. Clarke "The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)"


Modified: October 23, 2017