risk communication theory design results jean camp goals
play

+ Risk Communication Theory, Design, Results Jean Camp, + Goals n - PowerPoint PPT Presentation

Dec 17, 2022 •400 likes •825 views

+ Risk Communication Theory, Design, Results Jean Camp, + Goals n How do you describe security & privacy risks in a way that communicates the risks and options? n Risk Communication n Ambient Risk Communication n Action-based

  1. + Risk Communication Theory, Design, Results Jean Camp,

  2. + Goals n How do you describe security & privacy risks in a way that communicates the risks and options? n Risk Communication n Ambient Risk Communication n Action-based Risk Communication

  3. + Let Me Explain This To the User

  4. + Design for Humans Requires Designing for Humans

  5. + Design for Humans Requires Designing for Humans Smoking is a factor which contributes to lung cancer. Most cancers that start in lung, known as primary lung cancers, are carcinomas that derive from epithelial cells. Depending on the type of tumor, so-called paraneoplastic phenomena may initially attract attention to the disease. In lung cancer, these phenomena may include Lambert-Eaton myasthenic syndrome (muscle weakness due to auto-antibodies), hypercalcemia, or syndrome of inappropriate antidiuretic hormone (SIADH). Tumors in the top (apex) of the lung, known as Pancoast tumors, may invade the local part of the sympathetic nervous system, leading to changed sweating patterns and eye muscle problems (a combination known as Horner's syndrome) as well as muscle weakness in the hands due to invasion of the brachial plexus.

  6. + Security is Risk n All we have to do is get the numbers right n All we have to do is tell them the numbers Risk Perception and Communication Unplugged: n All we have to do is explain what the numbers mean Twenty Years of Process n All we have to do is show them that they’ve accepted/ 1995 rejected similar risks in the past n All we have to do is show them that it’s a good deal for Baruch Fischhoff them n All we have to do is treat them nice n All we have to do is make them partner s n All of the above

  7. + Goal of Risk Communication n Change behavior n All we have to do is show them that they’ve accepted/ rejected similar risks in the past n All we have to do is show them that it’s a good deal for them n Create a Partnership n The right hat for the right context

  8. + Learn From Other Domains n Seat belts must be worn n Communication must be timely

  9. + Make Risk Mitigation Available n Free condoms vs. education n Solutions must be available and usable .

  10. + Ambient acceptable Levels of Risk n Anti lock breaks increase risk-taking behavior, n Respect their risk thermostat

  11. + Specific User n Look for archetypes and categories n Mental model communication n Expertise n Experience questions n Expertise questions n Knowledge was original control variable, confirmed with phishing ID n Individual characteristics n Expertise n Demographics n P. Rajivan, P. Moriano, T. Kelley and J. Camp, “What Can Johnny Do?–A study of factors that influence security expertise in end- users”, International Symposium on Human Aspects of Information Security & Assurance , Frankfurt, Germany, (HAISA 2016) 19-21 July 2016.

  12. + Goals n How do you describe security & privacy risks in a way that communicates the risks and options? n Risk Communication n Ambient Risk Communication n Risk Averse Browsing n Action-based Risk Communication n Creating a password n Downloading an app

  13. + Empower People to Avoid Risk n Phishing n Pharming n Malicious downloads n Malicious scripts n Rogue or misleading certs n Network traffic exposure n Password reuse n Comprehensive threat landscape

  14. + First Identify Risk n Modular architecture to identify risk n White list/black list n Domain names, certificates, scripts, networks n Reputation n Domain names: familiarity, history, linear over time n Certificates: decision tree with observation & attributes n Scripts: familiarity, publisher n Network connection: familiarity, polities

  15. + Second, Communicate Risk n Model users n Communicate mental models n Be nice

  16. + Third, Enable Risk Mitigation n High Risk n No action n Medium Risk n Domain names, Certificates § Low Risk n Generate warning above a § Domain names, Certificates thresh hold § Generate warning above a thresh hold n Block black list § Block all but white list n Script § Script n Block black list § Block all but white list § Blocked images, plug-in, n Block categories (iFrame, flash) videos, redirects, n Block plug-in, video javascript n Networks § Networks n Warn unencrypted § Did not allow passwords over unencrypted

  17. + Identify & Communicate Risk Expert modules build risk picture WiFi Risk Profile Certificates User Network Web Context Context Context Scipts Passwords Ontology, probabilistic fusion User decisions Mental Blackboard models Observed settings, network activity Intelligent Interaction Security Dialog reconfig generation History Browser settings Dialog specification

  18. + Empower Informed Choice n The communication is the control n Simple Controls n Use mental models n End to end risk measurement n For one person one button was too much!

  19. + Actions Allowed with Warnings

  20. + Behavior Changed n Changed human behavior: Cumulative Risk Reduction n Most people changed settings n Browsed at different risk level n Large number of scripts blocked, certs rejected n Passwords will be transmitted in the clear n Setting at per-site basis

  21. + Clear Risks & Benefits I am the pig. That Pig is dead.

  22. + Goals n How do you describe privacy risks in a way that communicates the risks and options? n Risk Communication n Ambient Risk Communication n Action-based Risk Communication n Creating a password n Downloading an app

  23. + Passwords Could be Usable n Make it hard to be a phishing victim n Simplify password creation n Simplify unique passwords n Support contextual recall n Confuse non-contextual recall n Respecting the limits and abilities of the human

  24. + Creating Partnerships n Support human cognition n Heuristics n Memory n Passwords n L Jean Camp, Jacob Abbott, and Siyu Chen, “CPasswords: Leveraging Episodic Memory and Human-Centered Design for Better Authentication” Hawaii International Conference on System Sciences , (Kauai, HI) 5-9 Jan 2016.

  25. + Support Human Memory n Episodic or visual memory n Story telling n Memory cues n Entropy provided n Image selection n Single level substitution

  26. + Randomness from Prompts jumping on the desk holding forty-two paper clips and tape

  27. + Recall from Memory Cues

  28. + Four Groups n Nothing n Significance n Entropy n Rule n Simple measure n Rule & picture prompt n Range of characters n Length n Rule & reminder n Recall

  29. + Summary

  30. + Recall v Entropy

  31. + Goals n How do you describe privacy risks in a way that communicates the risks and options? n Risk Communication n Ambient Risk Communication n Action-based Risk Communication n Creating a password n Downloading an app

  32. + Support Decision-Making: App n Application Benefits n User Rating n Popularity n Uninstalls n Application Risk n Information requests n Permissions-based n Prashanth Rajivan & Jean Camp, “Too Much Too Late: Influence of risk communication on Android App installations”, School of Informatics and Computing Technical Report TR724 (Feb 2016)

  33. + Permissions Intent & Action

  34. + Buy Why Would They

  35. + Android Risks & Benefits Also locks and eyeballs

  36. + First & Second Choice There Was No Trade-Off Trade-offs and informed decisions enabled higher privacy, lower risk choices

  37. + Changed User Choice with Priming

  38. + Support Decision-Making with partnership. Be nice. n Passwords n More entropy n Easier to create, recall in context n Browser n Easier to avoid risk n Obvious benefit, clear communication, less risk n App Selection n Possible to make decisions on risk n Support risk-mitigating decisions

  39. + Other Related Work! n L. Jean Camp, “Bringing Mental Models to Privacy and Security” IEEE Technology And Society Magazine , 28 (3) 37-46 (2009). n V . Garg, and L. Jean Camp, “Heuristics and Biases: Implications for Security Design”, IEEE Technology & Society , 32.1: 73-79. (2013). n Vaibhav Garg and L Jean Camp, “Cars, Condoms, and Facebook”, ISC 2013 (Dallas, Texas) 13-15 November 2013. n aine, K. E., Zimmerman, C. Y., Schall-Zimmerman, Z., Hazlewood, W . R., Camp, L. J., Connelly, K. H., Huber, L. L, & Shankar, K, “DigiSwitch: A device to allow older adults to monitor and direct the collection and transmission of health information collected at home”, Journal of Medical Systems Vol. 35, No. 5, 1181-1195 (2011). n L. Jean Camp, “Re-conceptualizing the Role of Security User”, Daedalus, Vol. 140 No. 4 (2011). n Farzeneh Asgapour, Debin Liu and L. Jean Camp, “Risk Communication in Computer Security using Mental Models”, WEIS 2007, (Pittsburgh, PA) 5-6 June 2007. Acknowledgements!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Goals of the Workshop You will learn about: Communication theory. Building communication

Goals of the Workshop You will learn about: Communication theory. Building communication

B ETTER C OMMUNICATION FOR E FFECTIVE D ECISION MAKING W ORKSHOP December 2, 2009 By Karen Firehock and Melinda Holland, E 2 Inc. Special thanks to E. Franklin Dukes, Ph.D Goals of the Workshop You will learn about: Communication theory.

286 views • 28 slides
Risk Aversion, Prospect Theory, and Strategic Risk in Law Enforcement: Evidence From an Antitrust

Risk Aversion, Prospect Theory, and Strategic Risk in Law Enforcement: Evidence From an Antitrust

Goal and Background Experimental Design Results Risk Aversion, Prospect Theory, and Strategic Risk in Law Enforcement: Evidence From an Antitrust Experiment M. Bigoni 1 S.O. Fridolfsson 2 C. Le Coq 3 G. Spagnolo 345 1 Universit` a di Padova 2

867 views • 55 slides
Plan 1 Goals 2 A First Try at RISC - V 3 Design Flow 4 Introduction to Symbolic Layout 5

Plan 1 Goals 2 A First Try at RISC - V 3 Design Flow 4 Introduction to Symbolic Layout 5

RISC - V design using FOSS Jean-Paul C HAPUT LIP 6, Sorbonne Universit CIAN Team Marie-Minerve L OURAT , Roselyne C HOTIN , Jean-Paul C HAPUT , Adrian S ATIN Jean-Paul.Chaput@lip6.fr Paris, October 2 nd , 2019 This work is licensed under a

1.24k views • 40 slides
Mechanism Design Theory: How to Implement Social Goals E. Maskin Institute for Advanced Study

Mechanism Design Theory: How to Implement Social Goals E. Maskin Institute for Advanced Study

Mechanism Design Theory: How to Implement Social Goals E. Maskin Institute for Advanced Study and Princeton University Nobel Lecture December 8, 2007 Theory of Mechanism Design engineering part of economic theory much of

608 views • 30 slides
Risk Communication: Communication Skills for Any Issue that Impacts Your Mission Fulton

Risk Communication: Communication Skills for Any Issue that Impacts Your Mission Fulton

Risk Communication: Communication Skills for Any Issue that Impacts Your Mission Fulton Communications Keith Fulton Sandy Martinez Topic One Risk Communication Overview Topic Outline Learn what risk communication is. Understand why

760 views • 24 slides
9.520 Math Camp 2011 Probability Theory Say we have some training data S ( n ) , comprising n

9.520 Math Camp 2011 Probability Theory Say we have some training data S ( n ) , comprising n

9.520 Math Camp 2011 Probability Theory Say we have some training data S ( n ) , comprising n input points { x i } n i =1 and the corresponding labels { y i } n i =1 : S ( n ) = { ( x 1 , y 1 ) , . . . , ( x n , y n ) } We want to design a

240 views • 3 slides
Extreme Value Theory in Risk Management See McNeil, Extreme Value Theory for Risk Managers Risk

Extreme Value Theory in Risk Management See McNeil, Extreme Value Theory for Risk Managers Risk

ST 810-006 Statistics and Financial Risk Extreme Value Theory in Risk Management See McNeil, Extreme Value Theory for Risk Managers Risk management is essentially about tail events. Probabilists have developed a theory specific to extreme, or

323 views • 13 slides
Risk Communication Qualitative Understanding Risk Perception Aware of key aspects of

Risk Communication Qualitative Understanding Risk Perception Aware of key aspects of

Risk Communication Qualitative Understanding Risk Perception Aware of key aspects of risk behavior and Communication Concepts linked sensibly Quantitative Assessment Accurate estimates of risks Julie S. Downs

328 views • 7 slides
Risk Communication in Risk Communication in st Century the 21 st Century the 21 Ragnar L

Risk Communication in Risk Communication in st Century the 21 st Century the 21 Ragnar L

Risk Communication in Risk Communication in st Century the 21 st Century the 21 Ragnar L fstedt fstedt Ragnar L Professor and Director Kings Centre for Risk Management Kings College, London 1 Classified - Internal use I n this

464 views • 28 slides
2020 Sec 1 L.E.A.D Camp 13 - 16 JANUARY LEADERSHIP BEGINS WITH ME Camp Coordinators 1.

2020 Sec 1 L.E.A.D Camp 13 - 16 JANUARY LEADERSHIP BEGINS WITH ME Camp Coordinators 1.

2020 Sec 1 L.E.A.D Camp 13 - 16 JANUARY LEADERSHIP BEGINS WITH ME Camp Coordinators 1. Ms Jessica Yap (Year Head) 2. Mr Damon Chu (Camp Commandant) 3. Mr Alvin Goh (Camp 2IC) * Contacts can be found on camp letter posted on school

543 views • 14 slides
Communicative Act Theory Speech act theory in philosophy Communication is a form of action

Communicative Act Theory Speech act theory in philosophy Communication is a form of action

Communication Theory Communicative Act Theory Speech act theory in philosophy Communication is a form of action Goes beyond traditional logic, which deals with assertions (true or false) Canonical example: when a judge declares a

377 views • 15 slides
Risk Assessment Reduce the workers and Biosafety is an inexact science, and

Risk Assessment Reduce the workers and Biosafety is an inexact science, and

Risk Analysis Biosafety Risk assessment, Risk Risk analysis encom passes Management & risk risk assessm ent, risk communication m anagem ent, and risk com m unication. Ephy Khaemba International Livestock Research Institute

506 views • 11 slides
Coupled Diffusions and Systemic Risk Systemic Risk Illustrated Jean-Pierre Fouque

Coupled Diffusions and Systemic Risk Systemic Risk Illustrated Jean-Pierre Fouque

Coupled Diffusions and Systemic Risk Systemic Risk Illustrated Jean-Pierre Fouque University of California Santa Barbara Joint work with Li-Hsien Sun Meeting on Financial Risks RiskLab Madrid, May 24th, 2012 HANDBOOK ON SYSTEMIC RISK

722 views • 39 slides
A theory of risk for two price market equilibria Dilip Madan Department of Finance Robert H.

A theory of risk for two price market equilibria Dilip Madan Department of Finance Robert H.

A theory of risk for two price market equilibria Dilip Madan Department of Finance Robert H. Smith School of Business Joint work with Shaun Wang and Phil Heckman Preview of Results A theory of risk for two price economies is overlaid on

496 views • 35 slides
Florida 4-H Professionals Updated: August 2019 Erin Bain, 4-H and Camp Specialist- American

Florida 4-H Professionals Updated: August 2019 Erin Bain, 4-H and Camp Specialist- American

An overview of our policies and service for Florida 4-H Professionals Updated: August 2019 Erin Bain, 4-H and Camp Specialist- American Income Life Special Risk Division Goals for Today Review the Florida 4-H Statewide Policy Type of

387 views • 17 slides
My Favorite Assignment: Business Communication Boot Camp Daylanne Markwardt Center for

My Favorite Assignment: Business Communication Boot Camp Daylanne Markwardt Center for

My Favorite Assignment: Business Communication Boot Camp Daylanne Markwardt Center for Management Communication USC Marshall School of Business Assignment Description Basic training for business wri1ng Series of rigorous wri1ng drills

409 views • 7 slides
Pharynx NAACCR 20182019 WEBINAR SERIES 1 Q&A Please submit all questions concerning the

Pharynx NAACCR 20182019 WEBINAR SERIES 1 Q&A Please submit all questions concerning the

Pharynx 2018 10/4/18 Pharynx NAACCR 20182019 WEBINAR SERIES 1 Q&A Please submit all questions concerning the webinar content through the Q&A panel. If you have participants watching this webinar at your site, please collect their

506 views • 27 slides
SHOW ME YOUR SKILLS, BABY! Newborn Assessment Janelle Myers, OTRL 2016 OBJECTIVES Identify

SHOW ME YOUR SKILLS, BABY! Newborn Assessment Janelle Myers, OTRL 2016 OBJECTIVES Identify

SHOW ME YOUR SKILLS, BABY! Newborn Assessment Janelle Myers, OTRL 2016 OBJECTIVES Identify typical development patterns Identify atypical development patterns and indications for referral to early intervention services Common

594 views • 34 slides
Implications for Pragmatic Trials NIH Health Care Systems Research Collaboratory Grand Rounds

Implications for Pragmatic Trials NIH Health Care Systems Research Collaboratory Grand Rounds

The ICD- 10 Transition Implications for Pragmatic Trials NIH Health Care Systems Research Collaboratory Grand Rounds August 14, 2015 Kin Wah Fung, MD, MS, MA National Library of Medicine Rachel Richesson, PhD, MPH Duke University School

1.27k views • 59 slides
TICAL C C HANGES HANGES IN IN B B RACHIAL RACHIAL P P LEXUS LEXUS ORTICAL I NJUR NJURY P P ATIENTS

TICAL C C HANGES HANGES IN IN B B RACHIAL RACHIAL P P LEXUS LEXUS ORTICAL I NJUR NJURY P P ATIENTS

Ncleo de Pesquisa em Neurocincia e Reabilitao C OR TICAL C C HANGES HANGES IN IN B B RACHIAL RACHIAL P P LEXUS LEXUS ORTICAL I NJUR NJURY P P ATIENTS TIENTS WITH WITH C C HRONIC HRONIC P P AIN AIN Fernanda de

502 views • 19 slides
Objectives Objectives Understand types of malpractice insurance coverage Discuss the

Objectives Objectives Understand types of malpractice insurance coverage Discuss the

Richard O. Davis, MD 2/14/2017 Tips for Optimal Management of Tips for Optimal Management of Risk in Obstetrical Care Risk in Obstetrical Care Richard O. Davis, M.D. Richard O. Davis, M.D. Objectives Objectives Understand types of

280 views • 14 slides
5 minutes more ...is safe practice sustainable? Dr Dan Rutherford Biography 1979-84 General

5 minutes more ...is safe practice sustainable? Dr Dan Rutherford Biography 1979-84 General

5 minutes more ...is safe practice sustainable? Dr Dan Rutherford Biography 1979-84 General medicine, gastroenterology 1984-2000 NHS GP, St Andrews 2000-2001 www.netdoctor.co.uk 2001-2007 NHS locum 2003-2015 OOH GP 2003-current

657 views • 49 slides
Structuring and Quality Improvement Aspects of a Pediatric Neurosurgery Program Hector E. James

Structuring and Quality Improvement Aspects of a Pediatric Neurosurgery Program Hector E. James

Initiating, Developing, Structuring and Quality Improvement Aspects of a Pediatric Neurosurgery Program Hector E. James M.D., FAANS,FAAP,FCCM. Division of Pediatric Neurosurgery and Lucy Gooding Pediatric Neurosurgery Center, University of

710 views • 29 slides
Base of Tongue/ Head and Neck 2019 2019-2020 NAACCR W EBINAR SERIES 2 Q&A Please submit

Base of Tongue/ Head and Neck 2019 2019-2020 NAACCR W EBINAR SERIES 2 Q&A Please submit

NAACCR 2019 2020 Webinar Series 12/5/19 Base of Tongue/ Head and Neck 2019 2019-2020 NAACCR W EBINAR SERIES 2 Q&A Please submit all questions concerning the webinar content through the Q&A panel. If you have participants

698 views • 33 slides

More recommend