About
54 Publications
12,304 Reads
247 Citations
Introduction
Additional affiliations
March 2008 - August 2010
Nepasoft Solutions Pvt. Ltd.
Position
- Developer
January 2023 - July 2024
January 2020 - January 2023
Education
August 2013 - November 2016
August 2010 - December 2012
November 2003 - November 2007
Publications (54)
Organisations implementing cybersecurity awareness (CSA) should strive to positively change employees’ attitudes and behaviours. In practice, though, most of such initiatives only manage to increase employees’ knowledge. In cybersecurity, knowledge on its own will have no significant value unless it is used to guide decisions and inspire actions....
The proliferation of information and communication technologies in enterprises enables them to develop new business models and enhance their operational and commercial activities. Nevertheless, this practice also introduces new cybersecurity risks and vulnerabilities. This may not be an issue for large organizations with the resources and mature cy...
This chapter discusses present and prospective aspects of cybersecurity awareness (CSA) initiatives. Concerning the first, it presents practices suggested by numerous past research studies that involve both CSA and other relevant fields of study in order to build a more effective CSA program. The second segment recommends leveraging the capabilitie...
Small and medium-sized enterprises (SMEs) are considered the backbone of Europe’s economy. However, SMEs are often bounded by resource constraints that also limit their cybersecurity posture. In such circumstances, SMEs could potentially benefit from the free and inexpensive cybersecurity awareness (CSA) resources produced and distributed by variou...
This report is the second deliverable in the sequence of two deliverables that make security recommendations to the supply chain. The recommendations are made specifically focusing on small and medium-sized enterprises so to protect against cyber challenges that could arise due to the integration of emerging technologies into the supply chain.
This deliverable is the third in a sequence of three reports that select policy recommendations from the CyberSec4Europe project and present them in a way that can be easily understood and used by interested parties, and especially by policymakers. The policy recommendations cover a wide variety of areas ranging from awareness to research and targe...
This report follows from D9.18―Awareness Effectiveness Study 2, in which we conducted a literature review to elicit a comprehensive list of factors relevant to enhancing the effectiveness of cybersecurity awareness, specifically motivating people to adopt and improve cybersecurity behaviour. In this report, we have condensed and validated the outco...
After the completion of its third year of operation in 2022, the CyberSec4Europe pilot project (https://cybersec4europe.eu/) produced this “Blue Book” (and delivered it as Deliverable D4.7) to serve as a Horizon Research Roadmap in the area of cyber security. To make this book a reality, the project put together a “Task Force” of young and senior r...
After conducting research for almost four years, the CyberSec4Europe project has created a “Future Horizon Roadmap” that lists the important research priorities that should be explored in the future. For each research priority, the deliverable lists specific research gaps and example problems that need to be addressed.
This report builds on the work carried out in the two previous reports in this series by looking at the success of the various SME awareness campaigns and the efficacy of the communication channels with recommendations to achieve more substantial outreach in the future.
Small and medium-sized enterprises (SMEs) are considered the backbone of Europe’s economy. However, SMEs are often bounded by resource constraints that also limit their cybersecurity posture. In such circumstances, SMEs could potentially benefit from the free and inexpensive cybersecurity awareness (CSA) resources produced and distributed by va...
Posters are widely in practice to communicate cybersecurity awareness (CSA) messages. This popularity could be because it is one of the simplest mechanisms, and most people are accustomed to poster usage. Despite this, very little effort has been made to make the CSA poster design and assessment more systematic. Due to this, there exists a wide var...
This report provides a more comprehensive list of factors that should be considered to enhance the effectiveness of cybersecurity awareness programmes, in particular, to motivate people to adopt cybersecurity awareness and translate the message (security recommendations) or learned things into actions and behaviour. The list integrates factors from...
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...
This report proposes a conceptual framework for the monitoring and evaluation of a cybersecurity awareness (CSA) program. In order to do so, it uses a nonsystematic or purposive literature review. Initially, it reviewed nine existing frameworks/models on CSA mainly to derive the skeleton (phases and sub-phases) of the framework. This is followed by...
This is the third and last of a sequence of three research and development roadmaps of the CyberSec4Europe project. The goal of this roadmap is to identify major research challenges in the verticals of the project, and to explain what is at stake and what can go wrong if problems are left unsolved. The verticals studied are: (i) Open Banking, (ii)...
This deliverable is the second in a sequence of three reports that select policy recommendations of the CyberSec4Europe project and present them in a way that can be easily understood and used by interested parties, and especially by policymakers. The policy recommendations cover a wide variety of areas ranging from education to research and target...
Migrating the teaching and learning activities to the Internet invites a plethora of cyber risks and security threats. As distance learning has undergone a spectacular development and use recently, especially in the Covid-19 era-when it was, once, only temporarily established-, it is considered of utmost importance to ensure the issue of security a...
The abrupt outbreak of the coronavirus pandemic throughout the world in March 2020 resulted in the sudden closure of all schools, colleges and universities, institutions, and an unprecedented pivot to remote learning. Students and teachers were confronted with the overwhelming challenge of migrating from the traditional face-to-face or hybrid m...
This report is the first deliverable in the sequence of two deliverables that make security recommendations to the supply chain. The recommendations are made specifically focusing on small and medium-sized enterprises so to protect against cyber challenges that could arise due to the integration of emerging technologies into the supply chain.
This report presents sources of cybersecurity awareness resources and materials that can be
useful for SMEs. The sources of these materials can be broadly categorised into
(1) European agencies and organisations
(2) EU-funded and national projects,
(3) National organisations of EEA countries and the UK,
(4) European trade associations and federatio...
This report proposes metrics for the evaluation of a cybersecurity awareness programme. In order to do so, it utilises a systematic literature review. It reviews 27 papers (selected after multiple rounds of screening) that have evaluated cybersecurity awareness mainly to extract two types of data from them i.e., what factors did the paper measure,...
This deliverable (Policy Recommendation Report I) is the first in a sequence of three deliverables that select policy recommendations of the CyberSec4Europe project and present them in a way that can be easily understood and used by interested parties, and especially by policymakers. The policy recommendations cover a wide variety of areas ranging...
Nepal is vulnerable to different natural calamities that occur due to diverse geographical and climatic conditions. Reports have shown that many people and their families are affected due to some form of disasters annually. It is important to save lives and reduce the hazard level to minimum during the natural disasters which might not be prevented...
This document provides a systematic literature review of previously executed studies that focused on cybersecurity awareness across small and medium-sized enterprises within the European Union. The study seeks to: (i) identify and classify the research papers published on the topic of cybersecurity awareness, (ii) analyse and evaluate the identifie...
A password manager stores and handles users’ passwords from different services. This relieves the users from constantly remembering and recalling many different login credentials. However, because of the poor usability and limited user experience of password managers, users find it difficult to perform basic actions, such as a safe login. Unavoidab...
Cybersecurity professionals face increased demand to acquire the knowledge and develop the skills required to keep citizens safe from cyberattacks, predict the latter with scientific methods, and advance citizens' social awareness. A proactive multidisciplinary approach against cyberattacks is effective via the combination of multidisciplinary and...
Systems software quality, and system security in particular, is often compromised by phishing attacks. The latter were relatively easy to detect through phishing content filters, in the past. However, it has been increasingly difficult to stop more recent and sophisticated social phishing attacks. To protect the citizens from new types of phishing...
Individuals and organizations utilize the cloud technology and its services in various ways. Cloud-based services are becoming increasingly popular, while there is no adequate knowledge offered for their secure use in the education for future IT professionals. It is important to understand how security and privacy issues are perceived and handled b...
*Password manager is an application handling and storing users’ passwords from different services. *Password manager aims to relieve the users from constantly remembering and recalling their login credentials. *Though the program is designed to help users in password management, users often encounter difficulties to perform even such basic actions...
Preparing students adequately against online-attacks is a constant teaching and learning challenge, no matter how many advanced security-related courses have been developed for higher education curricula worldwide. Recently emphasis has also been put on online identity theft and social awareness in general. The authors research the knowledge, skill...
Social engineering is the most prevalent scheme used for online attacks and identity theft. This is the reason why security-related courses, modular degree schemes and training have recently been increased in education and industry worldwide. Emphasis is put on certain subjects such as online identity theft (or phishing) and social awareness. In th...
Key2phone is a mobile access solution which turns mobile phone into
a key for electronic locks, doors and gates. In this paper, we elicit and analyse
the essential and necessary safety and security requirements that need to be
considered for the Key2phone interaction system. The paper elaborates on
suggestions/solutions for the realisation of s...
Public awareness is a significant factor in the battle against online identity theft (phishing). Advancing
public readiness can be a strategic protection mechanism for citizens’ vulnerability and privacy. Further, an
effective research strategy against phishing is the combination of increased social awareness with software
quality and social com...
The increasing number of Internet and mobile phone
users, and essentially those, who use these electronic media to
perform online transactions makes Nepal lucrative for phishing
attacks. It is one of the reasons behind escalating phishing attacks in
the country. Therefore, in this paper we examine various phishing
attempts and real scenarios i...
Content: It contains some fundamental issues which have to be addressed in order to make ambient intelligence applications in smart buildings more usable and to gain acceptance from people.
The report presents the crucial factors which have to be considered when determining an optimization approach for sensor arrangement. Furthermore, it briefly i...
A gradual increase in Internet and mobile phone users in Nepal has encouraged banking sectors to offer
online and mobile banking to their customers as well as contributed in the emergence of various e-commerce websites. People are using internet and mobile phone to perform different monetarily sensitive activities like paying their bills, transfer...
Content: This is a preliminary report. It contains some fundamental issues which have to be addressed in order to make ambient intelligence environment more usable and to gain acceptance from people.
Essentially, it presents the crucial factors which have to be considered when determining an optimization approach for sensor arrangement. Furthermor...
Content: This report explains: mechanism that can be used for the copyright protection of
video content; privacy and security requirements for Interactive 360 degree panorama video player
when it is used for live streaming entertainment shows like sports, reality shows, and music
concerts; platforms for sharing 360 degree videos and mechanisms t...
Software quality assurance and ‘dark’ social engineering seem to
currently constitute a rather ‘closed-case’ body of scientific knowledge.
Specific information and software quality criteria on corrective and
reactive (not pro-active or preventive!) maintenance are shared by a few
research groups and a small number of anti-phishing technology
compan...
Many anti-phishing solutions turn out to be ineffective because they
have poor usability. There have been significant improvements when
usability and phishing detection techniques are handled separately.
However, handling usability in anti-phishing solutions still remains a
challenging task. This is because considering usability for anti-phishing so...
This management summary comments on the early outcomes of an
R&D project with industrial and academic collaboration. In
particular, the project’s requirements elicitation phase is presented,
during which the authors determined the security and usability
requirements of different use-cases for the Interactive 360°
panorama video player. The use...
Content: The report explains the security and usability requirements proposed by our team
for the different use-cases of Interactive 360 degree panorama video player.
Impact: This document contains the outcomes of requirements elicitation that our team
conducted in order to determine the security and usability requirements of different use-cases...
Content: The report explains the security and usability policies proposed by our team for the
Key2phone system.
Impact: This report contains the source code in Finite State Process (FSP), which explains the
security and usability policies in the Key2phone system proposed by our team. Further, the
report also points out some security challenges...
The fight against phishing has resulted in several anticipating phishing prevention
techniques. However, they are only partially able to address the phishing problem.
There are still a large number of Internet users who are tricked to disclose their personal
information to fake websites every day. This might be because existing phishing
prevent...