Abstract: Various embodiments assess security risks of users in computing networks. In some embodiments, an interaction item is sent to an end user electronic device. When the end user interacts with the interaction item, the system collects feedback data that includes information about the user's interaction with the interaction item, as well as technical information about the electronic device. The feedback is compared to a plurality of security risk scoring metrics. Based on this comparison, a security risk score for the user with respect to a computing network.

Abstract: Computer-based systems and methods for discovering neighborhood clusters in a geographic region, where the clusters have a mix of venues and are determined based on venue check-in data. The mix of venues for the clusters may be based on the social similarity between pairs of venues; or emblematic of certain neighborhood typologies; or emblematic of temporal check-in pattern types; or combinations thereof. The neighborhood clusters that are so discovered through venue-check in data could be used for many commercial and civic purposes.

Abstract: An electronic device will identify an electronic message received by a messaging client that is associated with a first recipient, and it will analyze the electronic message to determine whether the electronic message is a simulated malicious message. Upon determining that electronic message is a simulated malicious message, the device will identify an actuatable element in the electronic message. The actuatable element will include a service address. The device will modify the electronic message by appending a user identifier of the first recipient to the service address of the actuatable element. Then, when the actutable element is actuated, the system may determine whether the first recipient actuated the actuatable element or an alternate recipient did so based on whether the user identifier of the first recipient is still appended (or is the only user identifier appended) to the actuatable element.

Abstract: A system and method configures permission settings for applications (“apps”) running on a computing device of a user. A data center generates at least one model of collective privacy preferences. The computing device is in communication with the data center via a communications network. The computing device comprises a processor that execute at least a first app that requests access to at least one permission of the computing device and a personal privacy assistant app. The personal privacy assistant app receives the at least one model from the one or more servers of the data center; collects information about the user; identifies at least one recommended permission setting for the first app based on the at least one model and such that the recommended permission setting is user-specific; and configures the computing device to implement the received at least one user-specific recommended permission setting.

Abstract: An electronic device will identify an electronic message received by a messaging client that is associated with a first recipient, and it will analyze the electronic message to determine whether the electronic message is a simulated malicious message. Upon determining that electronic message is a simulated malicious message, the device will identify an actuatable element in the electronic message. The actuatable element will include a service address. The device will modify the electronic message by appending a user identifier of the first recipient to the service address of the actuatable element. Then, when the actutable element is actuated, the system may determine whether the first recipient actuated the actuatable element or an alternate recipient did so based on whether the user identifier of the first recipient is still appended (or is the only user identifier appended) to the actuatable element.

Abstract: A system manages computer security risks associated with message file attachments. When a user of an electronic device with a messaging client attempts to open an attachment to a message that is in the client's inbox, the system will analyze the message to determine whether the message is a legitimate message or a potentially malicious message without the need to actually process or analyze the attachment itself. If the system determines that the received message is a legitimate message, the system will permit the attachment to actuate on the client computing device. If the system determines that the received message is not or may not be a legitimate message, the system will continue preventing the attachment from actuating on the client computing device.

Abstract: A client electronic device of an electronic message analysis system receives a user activation action indicating that a user has reported a message received at the client device a potentially malicious. The client device then determines whether to forward the message to a remote service for analysis by assessing whether the received message originated from a trusted sender. If and only if the client device determines that the received message originated from a trusted sender, it will permit the client device to take other action on the received message and not report the received message to a remote service for further analysis. If the client device does not determine that the received message originated from a trusted sender, it will report the received message to a remote service for further analysis.

Abstract: A system manages computer security risks associated with message file attachments. When a user of an electronic device with a messaging client attempts to open an attachment to a message that is in the client's inbox, the system will analyze the message to determine whether the message is a legitimate message or a potentially malicious message without the need to actually process or analyze the attachment itself. If the system determines that the received message is a legitimate message, the system will permit the attachment to actuate on the client computing device. If the system determines that the received message is not or may not be a legitimate message, the system will continue preventing the attachment from actuating on the client computing device.

Abstract: A system assesses the susceptibility of an electronic device user to a cybersecurity threat by sensing a user action with respect to the electronic device. The system maps the sensed data to a training needs model to determine whether the sensed data corresponds to a pattern associated with a threat scenario in the training needs model. When the system determines that the sensed data corresponds to a pattern associated with a threat scenario in the training needs model, identify a cybersecurity threat scenario for which the user is at risk, and use the training needs model to estimate susceptibility of the user to the cybersecurity threat scenario.

Abstract: Computer-based systems and methods for discovering neighborhood clusters in a geographic region, where the clusters have a mix of venues and are determined based on venue check-in data. The mix of venues for the clusters may be based on the social similarity between pairs of venues; or emblematic of certain neighborhood typologies; or emblematic of temporal check-in pattern types; or combinations thereof. The neighborhood clusters that are so discovered through venue-check in data could be used for many commercial and civic purposes.

Abstract: A system assesses the susceptibility of an electronic device user to a cybersecurity threat by identifying information relating to the user of an electronic device, selecting a mock attack, and causing the mock attack to be deployed to the user so that the user receives the mock attack in the user's regular context of use of the electronic device. When a sensor detects a user action that the user has interacted with the electronic device in response to the mock attack, the system will record the sensed user action and use the sensed user action to determine the susceptibility of the user to a cybersecurity threat. In some embodiments, the lack of user action in response to a mock attack also may be used to determine the user's susceptibility to a cybersecurity threat.

Abstract: A cybersecurity training system uses lures and training actions to help train a user of an electronic device to recognize and act appropriately in situations that could compromise electronic device security. The system includes a library of cybersecurity training actions and a library of brand items. The system retrieves a template for a cybersecurity training action from the first library, automatically modifies the retrieved template to include a brand or branded content from the second library, and causes the cybersecurity training action according to the modified template instantiated with the branded content to be sent to the user's electronic device.

Abstract: An electronic message analysis system of a cybersecurity network assesses whether a received message is a mock malicious message in response to, receiving a user activation action that indicates that the user has reported the received message as a potentially malicious message. The system does this by determining whether any header field of a header section of the message starts with a predetermined key. For any header field that starts with the predetermined key, the system determines whether a value that follows the predetermined key satisfies a trusted sender rule. If the value that follows the predetermined key satisfies the trusted sender rule, the system determines that the received message originated from a trusted sender. If the value that immediately follows the predetermined key does not satisfy the trusted sender rule, the system determines that the received message did not originate from a trusted sender.

Abstract: In a cybersecurity network, a system identifies and classifies non-malicious messages by receiving a user notification indicating that the user has reported a received message as potentially malicious message, and determining whether the received message is legitimate or potentially malicious. When the system determines that the message is a legitimate, it further analyzes the message to assign a class that may include trusted internal sender, trusted external sender, or training a simulated phishing message. It will then cause the user's device to provide the user with information corresponding to the assigned class. The system may also quarantine a received message and release the message from the quarantine only after determining that the message is legitimate and receiving a user acknowledgment.

Abstract: Various embodiments assess security risks of users in computing networks. In some embodiments, an interaction item is sent to an end user electronic device. When the end user interacts with the interaction item, the system collects feedback data that includes information about the user's interaction with the interaction item, as well as technical information about the electronic device. The feedback is compared to a plurality of security risk scoring metrics. Based on this comparison, a security risk score for the user with respect to a computing network.

Abstract: A system assesses the susceptibility of an electronic device user to a cybersecurity threat by sensing a user action with respect to the electronic device. The system maps the sensed data to a training needs model to determine whether the sensed data corresponds to a pattern associated with a threat scenario in the training needs model. When the system determines that the sensed data corresponds to a pattern associated with a threat scenario in the training needs model, identify a cybersecurity threat scenario for which the user is at risk, and use the training needs model to estimate susceptibility of the user to the cybersecurity threat scenario.

Abstract: A system assessing the susceptibility of an electronic device user to a cybersecurity threat by identifying information relating to the user of an electronic device, selecting a mock attack, and causing the mock attack to be deployed to the user so that the user receives the mock attack in the user's regular context of use of the electronic device. When the a sensor detects a user action that the user has interacted with the electronic device in response to the mock attack, the system will record the sensed user action and us the sensed user action to determine the susceptibility of the user to a cybersecurity threat. In some embodiments, the lack of user action in response to a mock attack also may be used to determine the user's susceptibility to a cybersecurity threat.

Abstract: A training system senses a user action that may expose the user to a threat, such as a cybersecurity threat. The user action may be in response to a mock attack delivered via a messaging service, a wireless communication service, a fake malware application or another device, service, system or mechanism. The system selects a training action from a collection of available training actions and causes the training action to be delivered to the user.

Abstract: Context-aware training systems, apparatuses and systems. The context-aware training systems, apparatuses and systems are computer-implemented and include sensing a user action and, based on a training needs model, estimating a cost or benefit to exposing the user to a training action, selecting a training action from a collection of available training actions and delivering the training action to the user if the user action indicates a need for the user to be trained and the cost or benefit to exposing the user to the training action indicates user exposure to the training action is warranted.

Abstract: A cybersecurity training system uses lures and training actions to help train a user of an electronic device to recognize and act appropriately in situations that could compromise electronic device security. The system includes a library of cybersecurity training actions and a library of brand items. The system retrieves a template for a cybersecurity training action from the first library, automatically modifies the retrieved template to include a brand or branded content from the second library, and causes the cybersecurity training action according to the modified template instantiated with the branded content to be sent to the user's electronic device.