Adam Jenkins’s research while affiliated with King's College London and other places


Publications (9)


Looking Past Screens: Exploring Mixed Reality and Discreet AAC Devices
  • Conference Paper

October 2024 · 7 Reads · Adam D G Jenkins


To Patch, or not To Patch? That is the Question: A Case Study of System Administrators' Online Collaborative Behaviour
  • Preprint

July 2023 · 13 Reads

System administrators, similar to end users, may delay or avoid software patches, also known as updates, despite the impact their timely application can have on system security. These admins are responsible for large, complex, amalgamated systems and must balance the security-related needs of their organizations, which would benefit from the patch, with the need to ensure that systems continue to run unimpeded. In this paper, we present a case study which follows the online life-cycle of a pair of Microsoft patches. We find that communities of sysadmins have evolved sophisticated mechanisms to perform risk assessments that are centred around collecting, synthesizing, and generating information on patches. These communities span different Virtual Communities of Practice, as well as influencers who monitor and report on the impact of new patches. Information is propagated and aggregated across blogs, forums, web sites, and mailing lists, eventually resulting in a consensus around the risk of a patch. Our findings highlight the role that these communities play in informing risk management decisions: Patch information is not static, and it transforms as communities collaborate to understand patch issues.


Fig. 1. Phishing emails sent to two University Lecturers in the same department on the same day. Mildly edited to make them anonymous.
A Case Study of Phishing Incident Response in an Educational Organization

October 2021 · 1,415 Reads · 21 Citations

Proceedings of the ACM on Human-Computer Interaction

Malicious communications aimed at tricking employees are a serious threat for organizations, necessitating the creation of procedures and policies for quickly responding to ongoing attacks. While automated measures provide some protection, they cannot completely protect an organization. In this case study, we use interviews and observations to explore the processes staff at a large University use when handling reports of malicious communication, including how the help desk processes reports, whom they escalate them to, and how teams who manage protections such as the firewalls and mail relays use these reports to improve defenses. We found that the process and work patterns are a distributed cognitive process requiring multiple distinct teams with narrow system access and tactic knowledge. Sudden large campaigns were found to overwhelm the help desk with reports, greatly impacting staff's workflow and hindering the effective application of mitigations and the potential for reflection. We detail potential improvements to ticketing systems and reflect on ITIL, a common framework of best practice in IT management.


“I Don’t Know Too Much About It”: On the Security Mindsets of Computer Science Students

May 2021 · 36 Reads · 9 Citations

Lecture Notes in Computer Science

The security attitudes and approaches of software developers have a large impact on the software they produce, yet we know very little about how and when these views are constructed. This paper investigates the security and privacy (S&P) perceptions, experiences, and practices of current Computer Science students at the graduate and undergraduate level using semi-structured interviews. We find that the attitudes of students already match many of those that have been observed in professional level developers. Students have a range of hacker and attack mindsets, lack of experience with security APIs, a mixed view of who is in charge of S&P in the software life cycle, and a tendency to trust other peoples’ code as a convenient approach to rapidly build software. We discuss the impact of our results on both curriculum development and support for professional developers.


Topics mentioned during free-listing, number of words participants listed associated with that topic, number of unique participants listing at least one word associated with the topic, and a set of sample words representing the range.
"I Don't Know Too Much About It": On the Security Mindsets of Computer Science Students

March 2021 · 108 Reads

The security attitudes and approaches of software developers have a large impact on the software they produce, yet we know very little about how and when these views are constructed. This paper investigates the security and privacy (S&P) perceptions, experiences, and practices of current Computer Science students at the graduate and undergraduate level using semi-structured interviews. We find that the attitudes of students already match many of those that have been observed in professional level developers. Students have a range of hacker and attack mindsets, lack of experience with security APIs, a mixed view of who is in charge of S&P in the software life cycle, and a tendency to trust other peoples' code as a convenient approach to rapidly build software. We discuss the impact of our results on both curriculum development and support for professional developers.


Figure 2: Total number of emails sent per month for the whole history of the list.
Figure 3: Total number of emails sent per month in 2018.
“Anyone Else Seeing this Error?”: Community, System Administrators, and Patch Information

September 2020 · 185 Reads · 15 Citations

Applying regular patches is vital for the timely correction of security vulnerabilities, but installing patches also risks disrupting working systems by potentially introducing unknown errors. System administrators must manage the challenges of patching using a combination of reliance on best practice and available information to best match their organizations' needs. In this work, we study how patch-related activities are supported by the mailing list of the website PatchManagement.org which is dedicated to the task. We qualitatively coded 356 list emails sent between March and July, 2018, to understand how members interact with the list community. Based on our results, we argue that the mailing list is an example of an Online Community of Practice, where practitioners engage in communal learning and support. We find that the community supports members in multiple phases of the patching process by providing workarounds before a patch is available, guidance prioritizing released patches, and helping with post-patch trouble. Additionally, the community provides help around tool selection and facilitating discussions.


Topics mentioned during free-listing, number of words participants listed associated with that topic, number of unique participants listing at least one word associated with the topic, and a set of sample words representing the range.
"I Don't Know Too Much About It": On the Security Mindsets of Computer Science Students

September 2019 · 54 Reads · 10 Citations

The security attitudes and approaches of software developers have a large impact on the software they produce, yet we know very little about how and when these views are constructed. This paper investigates the security and privacy (S&P) perceptions, experiences, and practices of current Computer Science students at the graduate and undergraduate level using semi-structured interviews. We find that the attitudes of students already match many of those that have been observed in professional level developers. Students have a range of hacker and attack mindsets, lack of experience with security APIs, a mixed view of who is in charge of S&P in the software life cycle, and a tendency to trust other peoples' code as a convenient approach to rapidly build software. We discuss the impact of our results on both curriculum development and support for professional developers.

Citations (5)


... update notes can hinder the decision and implementation process, exposing systems to risks that are often unnecessary. The article's main recommendation, which stands as a lesson learned, is the separation of security updates from feature updates, so as to ease management and improve the overall security of computer systems. [Jenkins et al. 2024] address patch management practices among system administrators and how the work context influences those practices. To that end, the authors collected data from 220 system administrators from various organizations, examining factors such as the availability of test environments and the use of Anais do SBSeg 2024: Art ...

Reference:

Obsolescência não-Programada: Análise do Uso de Software Desatualizado em Ambiente de Produção
Not as easy as just update: Survey of System Administrators and Patching Behaviours
  • Citing Conference Paper
  • May 2024

... Qualitative research is a method of inquiry that involves collecting and analyzing non-numerical data, such as text, audio, or video, to gain insights into concepts, opinions, or experiences [42]. It has been used in various fields, including medicine [43], social sciences [44], and usable security [45], and has led to valuable contributions to our understanding of many real-world problems. In this study, we employ the approach of qualitative coding to minimize the subjectivity in human judgment and create a structured representation of phishing emails that is likely to be reproducible by other researchers. ...

"I didn't click": What users say when reporting phishing

... These simulators replicate the various types of phishing attacks, including email, phone, and SMS-based attacks, enabling organizations to experience the impact of a phishing attack without the risk of actual compromise (Naqvi et al. 2023). Phishing simulators offer numerous benefits, including simulators enable organizations to test and refine their incident response plans, ensuring they are prepared to respond effectively in the event of a real-world phishing attack (Althobaiti et al. 2021). Simulators help to educate employees on the dangers of phishing, improving their ability to identify and report suspicious emails (Wen et al. 2019). ...

A Case Study of Phishing Incident Response in an Educational Organization

Proceedings of the ACM on Human-Computer Interaction

... The results revealed that participants lack the necessary knowledge and awareness of security principles, and their importance is often underestimated. In the same context, Tahaei et al. (2021) analyzed the perceptions of a group of Computer Science students (n = 20) from a university in Edinburgh (UK), finding a lack of awareness of security and privacy issues. Alharbi and Tassaddiq (2021) analyzed knowledge of cybersecurity in undergraduate students (n = 576) from Majmaah University (Saudi Arabia), finding that participants were unaware of the concept of cybersecurity and lacked knowledge of good practices in terms of secure data management. ...

"I Don't Know Too Much About It": On the Security Mindsets of Computer Science Students

... Another problem is that the information is often distributed across different sources and users have to tediously gather and filter it [7,10]. Trustworthiness of the sources also plays a role [6], which CSAF ingrained in their design, as CSAF trusted providers have to sign and hash their advisories [11]. ...

“Anyone Else Seeing this Error?”: Community, System Administrators, and Patch Information