Dr Ying He

Job: Senior Lecturer in Computer Science

Faculty: Technology

School/department: School of Computer Science and Informatics

Research group(s): Cyber Technology Institute (CTI) (Cyber Security Centre (CSC), Software Technology Research Laboratory (STRL))

Address: De Montfort University, The Gateway, Leicester, LE1 9BH

T: +44 (0)116 257 7614

E: ying.he@dmu.ac.uk

W: http://dmu.ac.uk/cybertech

 

Personal profile

Ying He is a Senior Lecturer of Computer Science in the School of Computer Science and Informatics at De Montfort University, UK.

She obtained her PhD in Computer Science from Glasgow University, UK in 2015, under the supervision of Prof. Chris Johnson.

Ying’s research focuses on cyber threat intelligence, security incident response framework management, security risk management, security decision-making, business analytics in security and human’s aspects of security. She also looks at how security management frameworks and security mechanism can be applied in industry such as healthcare organisations.

Research group affiliations

Key research outputs

Journal Articles

M. Evans, Y. He*, C. Luo, I. Yevseyeva, H.Janicke, E. Zamani and L. Maglaras. Real-time information security incident management: a case study using the IS-CHEC technique. IEEE Access. 2019. Accepted. (Impact Factor 4.098).

S. Nafea, Y. He*, F.Siewe. On Recommendation of Learning Objects using Felder Silverman Learning Style Model. IEEE Access. 2019.  (IF 4.098).

M. Evans, Y. He*, C. Luo, I. Yevseyeva, H.Janicke and L. Maglaras. Employee perspective on information security related human error in healthcare: Proactive use of IS-CHEC in questionnaire form. IEEE Access. 2019.  (Impact Factor 4.098).

M. Evans, Y. He*, L. Maglaras and H.Janicke. Evaluating Information Security Core Human Error Causes (IS-CHEC) Technique in Public Sector and Comparison with the Private Sector. International Journal of Medical Informatics. 2019. (Impact Factor 3.210).

P. Loft, Y. He*, I. Wagner and H. Janicke. Dying of a hundred good symptoms: why good security fails. Enterprise Information Systems. 2019.

M. Vitunskaite, Y. He*, T. Brandstetter and H. Janicke. Smart Cities and Cyber Security: Are We There Yet? A Comparative Study on the Role of Standards, Third Party Risk Management and Security Ownership. Computers & Security. 2019.  (Impact Factor 3.062).

E. Zamani, Y. He*, and M. Philips. On the Security Risks of the Blockchain. Journal of Computer Information Systems. 2018.

M. Evans, Y. He*, L. Maglaras,  and H. Janicke. HEART-IS: A Novel Technique for Evaluating Human Error-Related Information Security Incidents. Computers & Security. 2018 (Impact Factor 3.062). 

A. Al-Barnawi, Y. He*, L. Maglaras, and H. Janicke. Electronic Medical Records and Risk Management in Hospitals of Saudi Arabia. Informatics for Health and Social Care. 2018. 

A. Wood, Y. He*, L. Maglaras and H. Janicke. Security Architectural Pattern for Risk Management of Industry Control Systems within Critical National Infrastructure. International Journal of Critical Infrastructures. 2018.

Y. He*, and C.W. Johnson. Challenges of Information Security Incident Learning: An Industrial Case Study in a Chinese Healthcare Organisation. Informatics for Health and Social Care. 2017.

M. Evans, L. Maglaras, Y. He*, and H.Janicke,. Human Behaviour as an Aspect of Cyber Security Assurance. Security and Communication Networks. 2016.

N. Ayres, L. Maglaras, H. Janicke, and Y. He*. The mimetic virus: A vector for cyber terrorism. International Journal of Business Continuity and Risk Management. 2016.

L. A. Maglaras, A. H. Al-Bayatti, Y. He, I. Wagner, and H. Janicke. Social Internet of Vehicles for Smart Cities. Journal of Sensor and Actuator Networks. 2016.  

Y. He*, and C.W. Johnson. Improving the Redistribution of the Security Lessons in Healthcare: An Industrial Evaluation of the Generic Security Template. International Journal of Medical Informatics. 2015. (Impact Factor 3.210).

Y. He*, and C.W. Johnson. Improving the Exchange of Lessons Learned in Security Incident Reports: Case Studies in the Privacy of Electronic Patient Records. Journal of Trust Management. 2015.  

 

Book Chapter

L. Maglaras, Y. He*, H. Janicke, and M.A. Ferrag. “Internet of Cloud: Security and Privacy issues” in Cloud Computing for Optimization: Foundations, Applications, Challenges. Springer. 2017. 

 

Conference Papers

C. Luo, H. Soygazi, Y. He*. Security Defense Strategy for Intelligent Medical Diagnosis Systems (IMDS). 2019 41th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC). 2019. accepted.

M. Evans, Y. He, I. Yevseyeva and H. Janicke.  Analysis of published public sector information security incidents and breaches to establish the proportions of human error. International Symposium on Human Aspects of Information Security & Assurance (HAISA). 2018.

Aliyu, F. Chen, Y. He, and H. Yang. QoS-aware Adaptive Capacity Management for Real-time EdgeIoT Applications. The 2017 IEEE International Conference on Software Quality, Reliability & Security, 2017.

Aliyu, F. Chen, Y. He, and H. Yang. A Game-Theoretic Based QoS-aware Capacity Management for Real-time EdgeIoT Applications. The 2017 IEEE International Conference on Software Quality, Reliability & Security, 2017.

G. Hawthorne, Y. He, L. Maglaras, and H. Janicke. Security Visualization: Detecting Denial Of Service. 2nd EAI International Conference on Industrial Networks and Intelligent Systems (INISCOM 2016) Leicester, UK, Oct 31- Nov 2, 2016. 

N. Tailor, Y. He and I. Wagner, Poster: Design Ideas for Privacy-aware User Interfaces for Mobile Devices, Proceedings of ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'16), Darmstadt, Germany, July 2016.

I. Wagner, Y. He, D. Rosenberg and H. Janicke, User Interface Design for Privacy Awareness in eHealth Technologies, Proceedings of 13th IEEE Annual Consumer Communications & Networking Conference (CCNC 2016), Las Vegas, NV, January 2016, pp. 38-43. 

Y. He, L.A. Maglaras, H. Janicke, and K. Jones. An industrial control systems incident response decision framework. In Communications and Network Security (CNS), 2015 IEEE Conference on 2015 Sep 28 (pp. 761-762). IEEE.

Y. He, and H. Janicke. Towards agile industrial control systems incident response. Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015 Sep 17 (pp. 95-98). British Computer Society.

Y. He, and C.W. Johnson, M. Evangelopoulou and Z.S. Lin. Diagraming Approach to Structure the Security Lessons: Evaluation using Cognitive Dimensions. The 7th International Conference on Trust & Trustworthy Computing, Crete, Greece, 2014.

Y. He, and C.W. Johnson. Improving the Exchange of Lessons Learned in Security Incident Reports: Case Studies in the Privacy of Electronic Patient Records. The 8th IFIP WG 11.11 International Conference on Trust Management, Singapore, 2014.

Y. He, and C.W. Johnson. Improving the Information Security Management: An Industrial Study in the Privacy of Electronic Patient Records. IEEE CBMS 2014 - The 27th International Symposium on Computer-Based Medical Systems, New York, the US, 2014. 

Y. He, and C.W. Johnson, K. Renaud et al. An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents. The 6th International Conference of Computer Science and Information Technology, Amman, Jordan, 2014. 

Y. He, and C.W. Johnson. Generic Security Cases for Information System Security in Healthcare Systems. 7th IET International Conference on System Safety, Incorporating the Cyber Security Conference, Edinburgh, UK, 2012.

Research interests/expertise

  • Security Incident Response
  • Security Risk Management
  • Information Governance
  • Healthcare Informatics
  • Security Business Analytics
  • Usable Security
  • Cyber Threat Intelligence

Qualifications

PhD in Computer Science at Glasgow University

Postgraduate Certificate in Higher Education (PGCertHE)

Senior Fellowship HEA

Courses taught

  • Database Design (BSc)
  • Devices and Networks (BSc)
  • Database Systems & Design (MSc)
  • MSc: Cyber Threat Intelligence (MSc)
  • MSc: Penetration Testing and Incident Response (MSc)

Honours and awards

  • 2013-2014: Scottish Informatics and Computer Science Alliance (SICSA) Postgraduate Industry Internship.
  • Jun 2014: 8th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2014) Travel Award.

Projects

Grants (External)

2019 – 2020 RITICS & NCSC - AIR4ICS (RITICS & NCSC, Co-Investigator, £250k)

  • Title: Agile Incident Response for Industrial Control Systems  (AIR4ICS)
  • This project will develop an agile framework to address the challenges of industrial control system’s cyber incident response.  

2018  2019 INNOVATE UK - ACTIVE (Innovate UK, Principal Investigator, Stage 1, 2 and 3, Total £100k)                                                                              

  • Title: Adaptive Cyber Threat Intelligence for Security Investment Optimisation (ACTIVE)
  • Research Team: Three Academics and Four Scientific Developers
  • In collaboration with industrial partners, this project develops a security decision-making system that can assist security decision makers to optimise their security investment and resource utilisation.

Grants (Internal)

2019  2022 DOCTORAL COLLEGE FEE WAIVER SCHOLARSHIPS  (DMU, £41k)                        

  • PhD (1st supervisor): Aliyu Aliyu
  • Title: Cyber Threat Intelligence Sharing and its Impact on Security Professionals.
  • This project will develop a guideline for improving the design and implementation of cyber threat intelligence sharing platform.

2019  2020 FUTURE RESEARCH LEADER PROGRAM  (DMU, £1.5k) 

2015  2016 DMU HEIF (DMU, Principal Investigator, £7k)         

  • A collaborative project between DMU Cyber Technology Institutes (CTI), Centre of Computational Intelligence (CCI), and Prof. James Hendler who runs the Tetherless Institute at Rennesselaer Polytechnic Institute (RPI) and Prof. Amy Pritchett at Georgia Institute of Technology (GIT).
  • This project developed an incident response decision-making framework that visualises current risk status (descriptive knowledge), predicts risk trends (predictive knowledge) and provides risk decision-making support (prescriptive knowledge). 

Forthcoming events

Conference attendance

  • Conference Talk: Towards Agile Industrial Control Systems Incident Response. International Symposium for ICS & SCADA Cyber Security Research. 17 Sep 2015.

  • Invited Talk: Generic Security Templates for information system security arguments - Mapping security arguments within healthcare systems, School of Computing Science, Newcastle University, UK, 21 October 2014.

  •  Conference Talk: Improving the Exchange of Lessons Learned in Security Incident Reports: Case Studies in the Privacy of Electronic Patient Records, Singapore (IFIPTM 2014), 9 July 2014.

  •  Conference Talk: An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents, Amman, Jordan (CSIT 2014), 27 March 2014.

  • Conference Talk: Generic Security Cases for Information System Security in Healthcare Systems, Edinburgh, UK (System Safety Conference 2012), 16 October 2012.

Current research students

• Mark Glenn Evans, Human Factors of Cyber Security Assurance, 1st supervisor.
• Paul Loft, Agile Enterprise Security Architecture (A-ESA): How can traditional ESAs be optimised to serve the emerging behaviours of the lean enterprise? 1st supervisor.
• Adebamigbe (Alex) Fasanmade, Adaptive security mechanism in vehicular ad hoc network (VANET), 1st supervisor
• Emmanuel Ocheme Ochoga, Contextual Forces and the Issue of Privacy: Implication for future adoption, 1st supervisor.
• Shaimaa Mohamed Ahmed Hassan Nafea, A Novel Adaptation Model for Learning Management Systems, 2nd supervisor.
• Suleiman Onimisi Aliyu, Adaptive resource management in InterCloud Computing, 2nd supervisor
• Yuanchen Xu, An Intelligent Decision Support System for Business IT Security Strategy, 2nd supervisor.

Externally funded research grants information

2019 – 2020 RITICS & NCSC - AIR4ICS (RITICS & NCSC, Co-Investigator, £250k)

  • Title: Agile Incident Response for Industrial Control Systems  (AIR4ICS)
  • This project will develop an agile framework to address the challenges of industrial control system’s cyber incident response.  

2018  2019 INNOVATE UK - ACTIVE (Innovate UK, Principal Investigator, Stage 1, 2 and 3, Total £100k)                                                                              

  • Title: Adaptive Cyber Threat Intelligence for Security Investment Optimisation (ACTIVE)
  • Research Team: Three Academics and Four Scientific Developers
  • In collaboration with industrial partners, this project develops a security decision-making system that can assist security decision makers to optimise their security investment and resource utilisation.

Internally funded research project information

2019  2022 DOCTORAL COLLEGE FEE WAIVER SCHOLARSHIPS  (DMU, £41k)                        

  • PhD (1st supervisor): Aliyu Aliyu
  • Title: Cyber Threat Intelligence Sharing and its Impact on Security Professionals.
  • This project will develop a guideline for improving the design and implementation of cyber threat intelligence sharing platform.

2015  2016 DMU HEIF (DMU, Principal Investigator, £7k)         

  • A collaborative project between DMU Cyber Technology Institutes (CTI), Centre of Computational Intelligence (CCI), and Prof. James Hendler who runs the Tetherless Institute at Rennesselaer Polytechnic Institute (RPI) and Prof. Amy Pritchett at Georgia Institute of Technology (GIT).
  • This project developed an incident response decision-making framework that visualises current risk status (descriptive knowledge), predicts risk trends (predictive knowledge) and provides risk decision-making support (prescriptive knowledge). 

Professional esteem indicators

Member of Editorial Board & Reviewer 

• Journal: Mobile Networks and Applications. 

• Journal: EAI Transactions on Industrial Networks and Intelligent Systems.

• Journal: Journal of Information Security and Applications

• Conference: European Simulation and Modelling Conference (ESM)

• Conference:  International Symposium for ICS & SCADA Cyber Security Research (ICS-CSR)

• 8th International Conference on Emerging Ubiquitous Systems and Pervasive Networks, 2017. Technical Program Committee: Member.

Conference Track/Workshop Chairs

• The IEEE International Conference on Bioinformatics and Biomedicine (BIBM), 2019. Workshop: The 1st International Workshop on Sustainable Medical Informatics. Chairs: Cunjin Luo, Ying He, and Dominic Whittaker. http://ieeebibm.org/BIBM2019/Workshops.html

• EAI International Conference on Industrial Networks and Intelligent Systems, 2016. Organising Committee: Publication Chair

• European Simulation and Modelling Conference, 2016. Program Committee: Track Chair. 

Ying

Search Who's Who

 
News target area image
News

DMU is a dynamic university, read about what we have been up to in our latest news section.

Events target area image
Events

At DMU there is always something to do or see, check out our events for yourself.

Mission and vision target area image
Mission and vision

Read about our mission and vision and how these create a supportive and exciting learning environment.