Understanding Security Learning & Addressing the Digital Security Divide
Summary
Users receive a multitude of digital- and physical-security advice every day. Indeed, if we implemented all the security advice we received, we would never leave our houses or use the Internet. Instead, users selectively choose some advice to accept and some (most) to reject; however, it is unclear whether they are effectively prioritizing what is most important or most useful. If we can understand from where and why different groups of users take security advice, we can develop more effective security interventions.
Research Questions
In order to better understand users’ security advice use and behaviors, we seek to answer the following research questions:
- Where or from whom do users learn digital- and physical-security behaviors?
- Why do users accept or reject different advice?
- How do users’ advice sources, reasons for accepting or rejecting advice, and valuation of advice differ for digital and physical security?
- How do demographics, and exposure to security-sensitive content and workplace training, impact the use of different advice sources or users’ reasons for accepting or rejecting advice?
- Do different advice sources lead to stronger intentions to behave securely?
- How can we improve security advice and develop more effective learning tools?
- What methods can be used to ensure that good security advice is heeded and the credibility of poor advice is reduced?
- Can we target advice precisely where it is most needed?
Presentations & Publications
- Redmiles, E.M., Kross, S., and Mazurek, M.L. Where is the Digital Divide? Examining the Impact of Socioeconomics on Security and Privacy Outcomes. Technical Report. 2016.
- Redmiles, E.M., Kross, S., and Mazurek, M.L. How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior.Paper. ACM Conference on Computer and Communications Security (CCS). 2016. 16% accept rate.
- Redmiles, E.M. , Malone, A.R., and Mazurek, M. L. “I Think They’re Trying to Tell Me Something”: Advice Sources and Selection for Digital Security.Paper. IEEE Symposium on Security and Privacy (Oakland). 2016. 13% accept rate.
- E.M. Redmiles, Malone, A. and Mazurek, M. L. How I Learned To Be Secure: Advice Sources and Personality Factors in Cybersecurity. Poster. The 11th Symposium on Usable Privacy and Security (SOUPS).
Also presented at the 2015 University of Maryland Security Symposium, the 2016 Science of Security Lablet Quarterly meeting, and the 2015 Human Computer Interaction Laboratory Symposium.
Support
This research is sponsored in part by the National Security Agency as part of a Science of Security lablet. This research is also supported by a Data&Society Data Access Grant.
People
Dr. Michelle Mazurek
Primary Investigator |
Elissa Redmiles
Graduate Research Assistant |
Sean Kross
Collaborator, Johns Hopkins University |
Shelby Silverstein
Undergraduate Research Assistant |
Amelia Malone
Former Undergraduate Research Assistant |