People
Barbara Endicott-Popovsky vCard
University of Washington Information School Research Associate Professor, Director, Center for Information Assurance and CybersecurityOffice: Roosevelt Commons Building 404
Work Phone: 206.284.6123
Fax: 206.616.5149
Website: http://ciac.ischool.washington.edu/
Primary Areas of Expertise
Current Quarter Teaching
- INFX 571 - Research seminar
Biography
Barbara Endicott-Popovsky is the Director for the Center of Information Assurance and Cybersecurity at the University of Washington, designated by the NSA/DHS as a Center for Academic Excellence in Information Assurance Education and Research. She holds a joint faculty appointment with the Information School and the School of Urban Design and Planning--Critical Infrastructure, following a 20-year industry career marked by executive and consulting positions in IT architecture and project management. Her research interests fall under the umbrella of managing/mitigating network risks: deception, governance and network forensic readiness.
Education
- Ph D, University of Idaho, 2005
- MS, Seattle Pacific University, 1987
- Bachelor of Medicine, University of Washington, 1985
- BA, University of Pittsburgh, 1967
Memberships
- American Academy of Forensic Scientists: Digital and Multimedia Section
- Colloquium for Information Systems Security Education
- Information Systems Security Association
- Infragard
- Institute for Operations Research and the Management Sciences
- Institute of Electrical and Electronics Engineers
- International Federation for Information Processing, Agora
- Northwest Regional Computer Forensics Cooperative
Secondary Areas of Expertise
- Ethics of Information and Technology
- Free Speech
- Learning in Distributed/Virtual Groups
- Management Information Systems
- Management of Information Systems
- Mobile Computing
- Network Administration
- Privacy
- Project Management
- Qualitative Methods
- Quantitative Methods
- Software Engineering
- Systems Dynamics
Publications and Contributions
-
Journal Article, Academic Journal Application of pedagogical fundamentals for the holistic development of cybersecurity professionals (2013) ACM Special Publication: Cybersecurity Edition
-
Conference Paper Unintended consequences: Digital forensics literacy and the legal system (2013) 65th Annual Scientific Meeting of the American Academy of Forensic Scientists
-
Conference Paper 2TAC: Distributed access control architecture for “Bring Your Own Device” security (2012) RISE Workshop on Redefining and Integrating Security Engineering
-
Journal Article, Academic Journal An Unintended consequence of the Information Age: Challenges of digital forensics (2012) IEEE Security and Privacy
-
Book, Chapter in Scholarly Book-New Analyses of the Effects of New Technology and Security Requirements on Service-Oriented Software Reengineering (2012) Agile and Lean Service-Oriented Development: Foundations, Theory and Practice
-
Book, Chapter in Scholarly Book-New Analyses of the effects of evolving legacy software into secure service-oriented software using scrum and a visual model (2012) Agile and Lean Service-Oriented Development: Foundations, Theory and Practice page 196-217
-
Journal Article, Academic Journal Are we prepared for the economic risk resulting from telecom hotel disruptions? (2012) International Journal on Critical Infrastructure Protection Volume 5 Issue 2 page 55-65
-
Book, Chapter in Scholarly Book-New Cloud forensics: Records, retrieval and response integrating information assurance, records management and digital forensics (2012) Cloud Forensics page TBD
-
Journal Article, Academic Journal Digital evidence education in schools of law (2012) Journal on Digital Forensics, Security and Law Volume 7 Issue 2 page TBD
-
Book, Chapter in Scholarly Book-New Disruptive political use of ICTs in contentious politics: the between-cases analysis (2012) Politics in the Information Age
-
Conference Paper Folk wisdom as forward thinking: Applying the ideas of our past for a more resilient future (2012) The Critical Infrastructure Symposium
-
Conference Paper Hackers at the state service: Cyberwars against Estonia and Georgia (2012) Proceedings of the 7th International Conference on Information Warfare and Security ICIW
-
Book, Chapter in Scholarly Book-New Legal requirements and case law for Cloud forensic investigations (2012) Cloud Forensics page TBD
-
Conference Paper On the creation of reliable digital evidence (2012) Proceedings of the 8th Annual IFIP WG 11.9 Conference
-
Journal Article, Academic Journal Privacy in the USA: Technological perspectives (2012) Privacy and Data Protection: Managing Information Matters Volume 1 Issue 1 page 5-7
-
Conference Short Paper Provisioning secure coding curricular resources: Toward robust software (2012) 16th Colloquium for Information Systems Security Education
-
Conference Paper Scalable and reusable attack aware software (2012) RISE Workshop on Redefining and Integrating Security Engineering
-
Conference Paper Sicherheit von Messgeräten und der Beweiswert digitaler Daten [Safety of measuring instruments and the probative value of digital data] (2012) D-A-C-H Security
-
Book, Chapter in Scholarly Book-New The Seattle Westin meet-me room: Unacceptable risk to our Internet Structure (2012) Critical Infrastructure Protection VI
-
Conference Paper The information security behavior of home users: Exploring a user's risk tolerance in the framework of protection motivation theory (2012) Dewald Roode Information Security Workshop organized by IFIP 8.11/11.13 Working Group
-
Journal Article, Academic Journal Unintended consequences: Digital evidence in our legal system (2012) IEEE Security and Privacy Volume 10 Issue 2 page 80-83
-
Journal Article, Academic Journal Unintended consequences: Digital evidence in our legal system (2012) The Washington State Bar News: The official publication of the Washington State Bar Association Volume 66 Issue 8 page 11-15
-
Conference Paper Alternative approach to assessing military training for advanced placement into engineering and technology programs (2011) Proceedings from 118th Annual ASEE Conference and Exposition
-
Journal Article, Academic Journal Fuzzy clustering-based anomaly detection for updating intrusion detection signature files (2011) Journal of Information Assurance and Security Volume 6 page 462–468 ISBN/ISSN: 1554-1010
-
Conference Paper Situational Awareness as a Measure of Performance in Cyber Security Collaborative Work (2011) IEEE 8th International Conference on Information Technology : New Generation (ITNG)
-
Conference Paper Software reengineering approach to teaching secure coding practices (2011) Proceedings from the 15th Colloquium for Information Systems Security Education page 29-36
-
Conference Poster Visualizing an information assurance risk taxonomy (2011) Proceedings from IEEE Conference on Visual Analytics and Technology (VAST) page 287-288
-
Conference Paper A systematic approach to information systems security education (2010) 14th Colloquium for Information Systems Security Education
-
Conference Paper Assessment of virtualization as a sensor technique (2010) 5th International Workshop on Systematic Approaches to Digital Forensic Engineering
-
Conference Abstract Dams: Our critical infrastructure, an educational model (2010) Proceedings of the ASDSO 2010 Dam Safety Conference
-
Conference Paper Digital records forensics: An interdisciplinary program for forensic readiness (2010) Conference on Digital Forensics, Security and Law
-
Conference Paper Drive-by downloads (2010) Hawaii International Conference on System Sciences
-
Conference Paper Game programmers with secure coding: From console to web services applications (2010) 3rd Annual International Conference on Computer Games, Multimedia and Allied Technology
-
Report Pacific Rim Collegiate Cyber Defense Competition as a venue for scientific inquiry and experimentation (2010)
-
Journal Article, Professional Journal Secure software education: A contextual model-based approach (2010) International Journal of Secure Software Engineering Volume 1 Issue 4 page 35-61
-
Journal Article, Professional Journal Securing virtual worlds (2010) SC Magazine
-
Conference Paper Software reengineering based security teaching (2010) 7th Annual International Conference on International Conference on Cybernetics and Information Technologies, Systems and Applications
-
Conference Paper System security capability assessment model development and application (2010) 20th Anniversary INCOSE International Symposium
-
Conference Paper Top-down mandates and the need for organizational governance, risk management, and compliance in China: A discussion (2010) 6th Asian-Pacific Economic Association Conference
-
Report A scientific research and development approach to transforming cybersecurity (2009)
-
Report Final report: Next generation honeypots: The value of virtualization (2009)
-
Breakout session notes Round table at the Talaris Conference Center: Breakout session notes (2009)
-
Conference Paper Use of deception to improve client honeypot detection of drive-by-download attack (2009) Human Computer Interface (HCI) Conference.
-
Conference Paper An operational framework for service oriented architecture network security. (2008) Hawaii International Conference on System Sciences
-
Conference Paper Data classification and binding: Models for compliance (2008) Information Systems Compliance and Risk Management Institute
-
Conference Paper Digital forensics and records management: What we can learn from the discipline of archiving (2008) Information Systems Compliance and Risk Management Institute
-
Conference Paper Identification of malicious web pages through analysis of underlying DNS and web server relationships (2008) 4th IEEE LCN Workshop on Network Security. page 935-941
-
Book, Chapter in Scholarly Book-New Identifying and analyzing web server attacks (2008) Advances in Digital Forensics IV page 151-162
-
Conference Paper Integrating academics, the community and industry (2008) Physical Culture and Sports: Analysis of Social Processes
-
Report Interim Report: Next generation honeypots project: The value of virtualization (2008)
-
Conference Paper Justifying the need for forensically ready protocols: A case study of identifying malicious web servers using client honeypots (2008) 4th Annual IFIP WG 11.9 Conference Volume IV
-
White Paper Practical answers: A practitioner's roll call of cybersecurity research opportunities (White Paper #6) (2008)
-
Conference Paper Proceedings for 2nd Annual Information Security and Risk Management Institute (ISCRMI) Proceedings (2008)
-
Conference Paper Toward trustworthy service consumers and producers (2008) Third International Conference on Internet and Web Applications and Services page 451-456
-
White Paper Transforming cybersecurity research: The Deming analogy (White Paper #2) (2008)
-
Journal Article, Professional Journal A theoretical framework for organizational network forensic readiness. (2007) Journal of Computers Volume 2 Issue 3 page 11-Jan
-
Book, Chapter in Scholarly Book-New Calibration testing of network tap devices (2007) Advances in Digital Forensics III page 13-Jan
-
Conference Paper Capture: A tool for behavioral analysis of applications and documents (2007) 7th Digital Forensic Research Workshop page 23-30
-
Conference Abstract Challenge paper: Validation of forensic techniques for criminal prosecution (2007) 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering page 150-151
-
Conference Paper Embedding Hercule Poirot in networks: Addressing inefficiencies in digital forensic investigations (2007) Human Computer Interface (HCI) Conference page 364-372
-
Conference Paper Establishing tap reliability in expert witness testimony: Using scenarios to identify calibration need (2007) 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering page 131-146
-
Conference Paper Forensics education: Assessment and measures of excellence (2007) 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering page 155-165
-
Conference Paper Role of calibration as part of establishing foundation for expert testimony (2007) 3rd Annual IFIP WG 11.9 Conference Volume III
-
Journal Article, Professional Journal Specifying digital forensics: Formalizing forensics policies (2007) Digital Investigations Volume 4 Issue S1 page 101-104
-
Conference Paper The observability calibration test development framework (2007) 8th IEEE Systems, Man and Cybernetics Information Assurance Workshop page 61-66
-
Conference Paper Adding the fourth 'R': A systems approach to solving the hacker's arms race (2006) Hawaii International Conference on System Sciences (HICSS) 39 Symposium: Skilled Human-intelligent Agent Performance: Measurement, Application and Symposium
-
Conference Paper Embedding forensic capabilities into networks: Addressing inefficiencies in digital forensics investigations (2006) 7th IEEE Systems, Man and Cybernetics Information Assurance Workshop page 133-139
-
Conference Abstract Physical culture pedagogical system (2006) III International Congress: People, Sport and Health
-
Journal Article, Academic Journal Seeking a balance: Online safety for our children. (2006) ACM Journal on Educational Resources in Computing Volume 6 Issue 4 page 1
-
Conference Paper Adopting extreme programming on a graduate student project (2005) 6th IEEE Systems, Man and Cybernetics Information Assurance Workshop page 454-455
-
Conference Paper Community security awareness training (2005) 6th IEEE Systems, Man and Cybernetics Information Assurance Workshop page 373-379
-
Journal Article, Academic Journal Deriving a capability maturity model for assessing the security of electric utilities (2005) Academy of Information & Management Sciences Journal Volume 8 Issue 1 page 18-Jan
-
Journal Article, Academic Journal Digital records forensics: An interdisciplinary program for forensic readiness (2005) Journal on Digital Forensics, Security and Law Volume 5 Issue 2
-
Conference Paper International curriculum design for undergraduate computer science (2005) ACM Special Interest Group on Computer Science Education (SigCSE)
-
Conference Abstract Physical culture pedagogy: Coaching by design (2005) Methods for Modernizing Physical Culture: Selection of Scientific and Methodological Works page 176-187
-
Conference Poster Redefining computer security to include forensics (2005)
-
Conference Paper Secure code: The capstone class in an IA track (2005) 9th Colloquium for Information Systems Security Education page 100-108
-
Conference Paper The New Zealand Hacker Case: A post mortem. (2005) Safety and Security in a Networked World: Balancing Cyber-Rights & Responsibilities Conference.
Presentations
-
". Digital Records Forensics—From Law Enforcement to RIM" (2012)
-
"1. Information and cybersecurity: Trust and digital records in an increasingly networked September 25-26, 2012 " (2012)
Presented at: Peter Wall Institute
-
"1. Privacy and cybercrime: The individual’s responsibilities in staying safe online" (2012)
Presented at: Aberystwyth University and the National Library of Wales
-
"2. Unintended consequences of embracing the Internet. Archives and Records Management " (2012)
Presented at: Aberystwyth University
-
"Operational Challenges: IA" (2012)
-
"Security in Virtual Worlds: Can I trust your avatar?" (2012)
Presented at: National Defense University
-
"Welcome incoming 2012-13 class" (2012)
Presented at: Archives and Records Management Program, Department of Information Studies, Aberystwyth University
-
"Challenges securing the smart grid: Lessons learned from cybersecurity" (2011)
Presented at: Institute of Embedded Engineering of Korea
-
"Developing cyber defenders to protect the homeland: One university’s approach" (2011)
Presented at: Daegu Gyeongbuk Institute of Science and Technology (DGIST)
-
"Developing cyber defenders to protect the homeland: The CCDC" (2011)
Presented at: Yeungnam University
-
"Forensic readiness and the challenges of the cloud" (2011)
Presented at: Association of Canadian Archivists@UBC 2011 International Symposium
-
"Privacy in the cloud" (2011)
-
"Privacy in the Cloud: The unintended consequences" (2011)
-
"Risk Assessment and Cloud Strategy Development " (2011)
Presented at: Microsoft
-
"Transitioning America's veterans to STEM academic programs" (2011)
Presented at: National Science Foundation
-
"Where are the Cyber Security Experts?: Incentivizing Universities to Rise to the Challenge the National IA Education & Training Program (NIETP)" (2011)
Presented at: Daegu Gyeongbuk Institute of Science and Technology (DGIST)
-
"A panel on digital forensics education: A cross institutional perspective" (2010)
Presented at: SAFDE - Systematic Approaches to Digital Forensic Engineering
-
"Cybersecurity Awareness Month" (2010)
Presented at: Seattle Public Library
-
"Digital records forensics: An interdisciplinary program for forensic readiness" (2010)
Presented at: Edith Cowan University
-
"IA research" (2010)
Presented at: INSER - Institute for National Security Education & Research, University of Washington
-
"NW Honeynet Chapter" (2010)
Presented at: Honeynet Project
-
"Panel on risk management" (2010)
Presented at: SLAIS - School of Library, Archival, and Information Science, University of British Columbia
-
"Supreme Court Judges' digital forensics workshop" (2010)
-
"Virtual World Security" (2010)
Presented at: INSER - Institute for National Security Education & Research, University of Washington
-
"IA research at the University of Washington" (2009)
Presented at: APWG - Anti-Phishing Working Group
-
"The CIAC" (2009)
Presented at: IARPA - Intelligence Advanced Research Projects Activity
-
"The CIAC" (2009)
Presented at: SecureWorld Expo
-
"Security and privacy in an expanding cyber world" (2008)
Presented at: ACSAC - Annual Computer Security Applications Conference
-
"Digital forensics workshop" (2007)
Presented at: School of Law, University of Washington