stories as informal lessons about security
play

Stories as Informal Lessons About Security Emilee Rader, Rick Wash, - PowerPoint PPT Presentation

Aug 14, 2022 •346 likes •664 views

Stories as Informal Lessons About Security Emilee Rader, Rick Wash, Brandon Brooks Michigan State University bitlab.cas.msu.edu A system's security depends on the choices made by its users. One way to influence users choices is to

  1. Stories as Informal Lessons About Security Emilee Rader, Rick Wash, Brandon Brooks Michigan State University bitlab.cas.msu.edu

  2. A system's security depends on the choices made by its users.

  3. One way to influence users’ choices is to influence what they know about security.

  4. How do people learn about security?

  5. Learning from Stories

  6. Learning from Stories • What stories have people heard about computer security? • What would these stories be about? • What might people learn from them? • What impact might these stories have?

  7. Survey • Undergraduates in intro comm/telecom classes • 301 Responses (41% response rate) • Tell us a story you heard about security

  8. Respondents • Most were 18-23 years old (max 38) • Majority full-time undergraduate students • 179 male (59%) and 119 female (40%) • 172 subjects use Macs; 123 use PCs, and 6 reported some form of “Both” • Averaged 3.4 out of 5 on “Internet Skills” self report - 37 Report having worked in a high-tech job

  9. Security Stories #377: My friend decided he wanted to watch some inappropriate videos and went to a shady site. He did not have a firewall or any sort of anti virus so his computer got infected. His computer slowly got worse and worse until he couldn't handle it and took it to his parents. His parents did not know what to do and before they could figure it out, the computer died. #3: It appears that Facebook has gotten yet another virus and people are posting weird things onto their friends walls without them knowing. So if you get a notification about someone posting on your wall be careful and not directly click on it or else your Facebook might get hacked or a virus.

  10. Stories...

  11. Stories... • Are about security incidents - PC Effects (95 stories) - Theft (75 stories) - Breaking In (59 stories) - Phishing (53 stories) - Spam (37 stories)

  12. Stories... • Are heard informally from family and friends - 70% heard in informal settings (home, friend's house) - 55% told face-to-face - 64% told by family or friends - 71% more than a month old

  13. Stories... • Are lessons about everyday people facing moderately serious threats - 55% about family and friends - 51% auto-biographical - 72% contain a lesson - 95% believe the story is true

  14. Stories... • Convey important security lessons - The Internet is a dangerous place - Beware of specific threats (shady email, shady webpages) - Keep “personal” information private

  15. Changing Thinking and Behavior

  16. Changing Thinking and Behavior • 94% report changing how they think about security • 52% report changing behavior

  17. Changing Thinking and Behavior • Stories with lessons... - Over doubles the odds of influencing behavior - Significantly larger increase in change in thinking - Lessons are important for learning?

  18. Changing Thinking and Behavior • People perceived as knowledgable are influential... - 40% increase in odds of changing behavior - Very small effect on change in thinking

  19. Changing Thinking and Behavior • Characterizing the behavior change... Completely stop doing risky behaviors - Start using more security technologies - Pay attention to useful information -

  20. #412: Don't click on sketchy links; #3: Don't click on weird links. STOP #44: Making sure my computer did not remember any of my passwords. #428: Make sure you choose a well-trusted antivirus program to protect your computer from spyware and virus threats. START #448: Started scanning torrent contents before opening. Also reading torrent comments. #121: To not be stupid and recognize when a virus is attempting to harm your computer. PAY ATTENTION #356: Reading more carefully the subject line in emails.

  21. Stories... • Are retold - 45% of respondents retold the story - 90% retell within a week - Settings: - Casual (87%), Face-to-face (89%), to family and friends (97%)

  22. Four Implications • People’s choices about security are interconnected • Influential stories come from familiar, trusted sources • Stories seem to convey the complexity of security, but not what to do about it • Stories seem to help with reactive security, but not with proactive security

  23. Next Steps... How does information from different sources and people affect mental models, and security outcomes?

  24. http://inside.mines.edu/UserFiles/Image/ccit/Security/2010/8.pdf

  25. Evolving threats... Interviewer: Do you think there's anything that limits your ability to protect yourself on the internet? P2: You can't control what you receive . You can control what you open, but you can't control what you receive.

  26. Thank You! Emilee Rader, Rick Wash, Brandon Brooks Michigan State University bitlab.cas.msu.edu This presentation is based upon work supported by the National Science Foundation under award number CNS-1116544 and CNS-1115926.

  27. Eliciting Stories INSTRUCTIONS In this survey, we are interested in things you THREATS First, to help you start to remember any stories have heard about or learned from others related to protecting related to computer security that you might have heard, your computer and yourself from computer security threats. please name as many different kinds of computer security problems or threats that you can think of. These threats might include things like hackers, viruses, LEARNING Next, think of all of the different ways you have identity theft, shady URLs in spam emails, etc. It can be very learned about how to protect yourself and your computer from hard sometimes to tell when you are facing a computer computer security problems or threats, and make a list of security threat---symptoms might include when your these below. computer is slow or freezes unexpectedly, when programs won't close, or lock up, unwanted popup windows, spam STORY LIST Take a moment to think back to times in the past email, posts appearing in your Facebook account without your when you remember being told or reading about a story permission or knowledge, or other undesirable computer related to computer security. Please make a list of as many of issues. these stories as you can remember, using only a couple of words to describe each story (you may want to read over your Sometimes people cope with these threats by using tools answers to the previous questions to jog your memory). such as anti-virus or firewall software, or by making sure to STORY Finally, please choose one story for which you can back up their data, or not clicking links or installing apps from people they don't know or trust. most easily recall details about where you were and what happened when you heard or read the story. You will be DEFINITION For this research project, we are particularly answering further questions about this story in the rest of the interested in things you have heard or learned about computer survey. In a sentence or two, brifey summarize what security through stories from OTHER PEOPLE, such as happened. something told to you by a friend, coworker or acquaintance, FULL STORY At the beginning of the survey, you entered this social media sites like Facebook, blogs and newspapers, or brief summary of a story, you remembered being told or any other sources you can think of. We are NOT interested in reading about, related to a computer security threat or something that happened to you personally---only stories problem. Below, please write the story as if you were telling it you've heard related to computer security that are mostly to a friend. Use as much detail as you can, including any about other people. thoughts or recollections you might have had about what happened as you were filling out the survey.

  28. More Stories #328: My family was going to visit my grandparents and when we arrived, my grandpa told us about how their computer had been acting funny and not working as well. Within the couples days before we came to visit, it had even stopped powering completely up or down when they would go to use it. On the day we went to visit it was determined it had somehow got a virus and was no longer good to use." #391: My friend had randomly been selected by the hacker who hacked his school email account. and was sending out viruses to every person in his email address. The person was also trying to send a serious virus to the school that would crash the entire system. The school eventually shut down his email account and gave him a new one hoping that the attempt did not happen again they also never found the hacker.

  29. Survey Questions (excerpt) SOURCE CONTEXT Where were you SOURCE From what source did you when you heard or read the story? hear or read the story? • Don't remember 11 • Family member 79 • At a coffee shop 1 • Friend 113 • At a friend or relative's house 37 • Acquaintance 7 • At home 174 • Coworker or Boss 3 • At work 10 • IT or Computer Repair Person 5 • In a computer lab 2 • Stranger 8 • In class 42 • News Institution 34 • In the library 6 • Don't Remember 14 • NA's 18 • Other 37 • NA's 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

L-102.00 1 Building Outline Map L-102.00 SCALE: 1" = 10' Date: 7/17/2017 Date:

L-102.00 1 Building Outline Map L-102.00 SCALE: 1" = 10' Date: 7/17/2017 Date:

92ND STREET 7 4 4 4 4 Stories Stories Stories Stories Stories 7 Stories 15 5 4 4 4 4 4 Stories Stories Stories Stories Stories Stories Stories 4 Stories 3 Historic Photo A 2 Historic Photo A L-102.00 L-102.00 SCALE:

477 views • 5 slides
Success Stories: Port Security Success Stories: Port Security A Presentation to the OAS Annual CIP

Success Stories: Port Security Success Stories: Port Security A Presentation to the OAS Annual CIP

Success Stories: Port Security Success Stories: Port Security A Presentation to the OAS Annual CIP Conference i h O S l C C f Washington, DC Washington, DC June 18, 2014 Thi ki Thinking Inside The Box I id Th B Summary

501 views • 21 slides
Chinas Wealth Management Products Informal WMP Survey in China and Lessons from the U.S.

Chinas Wealth Management Products Informal WMP Survey in China and Lessons from the U.S.

Chinas Wealth Management Products Informal WMP Survey in China and Lessons from the U.S. Financial Crisis Andrew Collier Orient Capital Research Practitioner Peking U. Student. Former investment banker Bear Stearns, CLSA. Head

482 views • 20 slides
MULTISOLVING AT THE INTERSECTION OF HEALTH AND CLIMATE LESSONS FROM SUCCESS STORIES Elizabeth

MULTISOLVING AT THE INTERSECTION OF HEALTH AND CLIMATE LESSONS FROM SUCCESS STORIES Elizabeth

MULTISOLVING AT THE INTERSECTION OF HEALTH AND CLIMATE LESSONS FROM SUCCESS STORIES Elizabeth Sawin Stephanie McCauley Lucy Saunders Larissa Lockwood Forbes McGain Webinar: 16 July 2018 Our interactive tools help people see what works to

1.27k views • 82 slides
of f Health and Cli limate: Lessons from Success Stories Stephanie ie McC cCaule ley

of f Health and Cli limate: Lessons from Success Stories Stephanie ie McC cCaule ley

Mult ltisolving at the In Intersection of f Health and Cli limate: Lessons from Success Stories Stephanie ie McC cCaule ley Climate Interactive 17 April 2018 Nexus Con onference Our interactive tools help people see what works to

344 views • 21 slides
Lessons learnt from Informal apprenticeship initiatives in southern and eastern Africa

Lessons learnt from Informal apprenticeship initiatives in southern and eastern Africa

Lessons learnt from Informal apprenticeship initiatives in southern and eastern Africa International conference on: Apprenticeship in a Globalised World Johannesburg, South Africa 23- 24 April 2013 Ashwani Aggarwal, Ph.D. Senior Specialist

246 views • 21 slides
International social security standards and challenges to social security Lessons for a

International social security standards and challenges to social security Lessons for a

15 th PPF MEMBERS CONFERENCE Arusha 19-21 October 2005 International social security standards and challenges to social security Lessons for a Tanzanian reform debate Krzysztof Hagemejer Policy coordinator Social Security Department,

499 views • 47 slides
Rosalind Dibley: Digital Stories and Me Sharing stories Information about how to tell stories is

Rosalind Dibley: Digital Stories and Me Sharing stories Information about how to tell stories is

Rosalind Dibley: Digital Stories and Me Sharing stories Information about how to tell stories is everywhere!!!!!!!!!! ! www.storycenter.org Stories that come from official sources, such as ne news me ws media dia co corpo poratio

489 views • 22 slides
Computer Security environment, without compromising functionality or security? Three parts

Computer Security environment, without compromising functionality or security? Three parts

9/7/2013 Some topics Im working on Computing on encrypted data Information flow: Dynamic IFC in Haskell, web Sandboxing Untrusted JavaScript Third party web tracking and other web security stories Practical web security

572 views • 21 slides
West 108th Street Development West Side Federation for Senior & Supportive Housing Dattner

West 108th Street Development West Side Federation for Senior & Supportive Housing Dattner

WEST 109TH STREET COLUMBUS AVE. AMSTERDAM AVE. ANABIL AVILES PLAYGROUND 6 Stories PLAYGROUND 11 Stories 11 Stories TOILETS 9 Stories 7 Stories 7 Stories WEST 108TH STREET BUILDING 1 BUILDING 2 BOOKER T. WASHINGTON M.S. 54

310 views • 5 slides
YOUTH THRIVE IN THE GIG ECONOMY Lessons from the Kenya Gig economy 0 IMPACT LABS 14M informal

YOUTH THRIVE IN THE GIG ECONOMY Lessons from the Kenya Gig economy 0 IMPACT LABS 14M informal

IS IT A GOOD GIG? HOW DIGITAL PLATFORMS HELP YOUTH THRIVE IN THE GIG ECONOMY Lessons from the Kenya Gig economy 0 IMPACT LABS 14M informal sector workers in Kenya 1 IMPACT LABS Digital platforms play a critical role in job matching

576 views • 10 slides
"Evidence as a Contact Sport!" A few lessons from the bench and war stories from the

"Evidence as a Contact Sport!" A few lessons from the bench and war stories from the

"Evidence as a Contact Sport!" A few lessons from the bench and war stories from the field Hon. Elihu M. Berle, Los Angeles County Superior Court Hon. John S. Wiley Jr., Los Angeles County Superior Court J. Scott Bovitz, Bovitz &

846 views • 71 slides
A Framework for Water Security Assessment at City Scale: Application to Bangkok Informal

A Framework for Water Security Assessment at City Scale: Application to Bangkok Informal

A Framework for Water Security Assessment at City Scale: Application to Bangkok Informal roundtable on addressing water scarcity through cost effective and innovative responsible business practices (RBP) in the Resort Industry in ESCAP

364 views • 14 slides
AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AI and Security Enabler AI Security Enabler AI enables security applications Security enables better AI Integrity: produces intended/correct

1.03k views • 81 slides
Including the informal economy in Inclusive Growth Evidence from the Informal Economy

Including the informal economy in Inclusive Growth Evidence from the Informal Economy

Including the informal economy in Inclusive Growth Evidence from the Informal Economy Monitoring Study Informal Employment Where most of the population in developing countries earn their livelihoods Accounts for more than half of

366 views • 33 slides
WHATS NEXT FOR TRANSMISSION? SUCCESS STORIES AND LESSONS LEARNED September 10, 2020

WHATS NEXT FOR TRANSMISSION? SUCCESS STORIES AND LESSONS LEARNED September 10, 2020

ACEG Presents Transmission Time WHATS NEXT FOR TRANSMISSION? SUCCESS STORIES AND LESSONS LEARNED September 10, 2020 INTRODUCTION TO AMERICANS FOR A CLEAN ENERGY GRID ABOUT ACEG Americans for a Clean Energy Grid (ACEG) is the only

144 views • 13 slides
Quantifying Natural Hazard Risk in New Zealand: Looking Back to Look Forward Looking Back to Look

Quantifying Natural Hazard Risk in New Zealand: Looking Back to Look Forward Looking Back to Look

Quantifying Natural Hazard Risk in New Zealand: Looking Back to Look Forward Looking Back to Look Forward Kelvin Berryman Director Natural Hazards Research Platform Director, Natural Hazards Research Platform Kelvin Berryman Kelvin Berryman

212 views • 17 slides
Common Operating Picture As Of: 05/13/2015 General objectives for the Incident (4216/4217) 1.

Common Operating Picture As Of: 05/13/2015 General objectives for the Incident (4216/4217) 1.

Common Operating Picture As Of: 05/13/2015 General objectives for the Incident (4216/4217) 1. Ensure safety and security of all assigned Commonwealth and Federal personnel in all locations. 2. Deliver a successful and inclusive Individual

283 views • 12 slides
1 What kinds of wild weather have you heard of, seen in the news, or experienced? What types of

1 What kinds of wild weather have you heard of, seen in the news, or experienced? What types of

1 What kinds of wild weather have you heard of, seen in the news, or experienced? What types of weather might we consider to be wild, severe or extreme? Ideas: Big Waves, Strong Winds, Heat Waves, Cyclones, Hurricanes, Thunder Storms, Typhoons,

677 views • 29 slides
Build Back Better in Urban Resilience C.B. Maharjan Mayor of Lalitpur Metropolitan City, Nepal

Build Back Better in Urban Resilience C.B. Maharjan Mayor of Lalitpur Metropolitan City, Nepal

Build Back Better in Urban Resilience C.B. Maharjan Mayor of Lalitpur Metropolitan City, Nepal Nepal Earthquake 2015 Gorkha Sindhupalchowk Lalitpur 1/24/2018 2 Lalitpur Metropolitan City (LMC) 148,197 Sq. Km 27 m Population 70,256

449 views • 16 slides
Inferring User Behaviors from Log Data for Understanding Computer Security Decisions Dr. Emilee

Inferring User Behaviors from Log Data for Understanding Computer Security Decisions Dr. Emilee

Inferring User Behaviors from Log Data for Understanding Computer Security Decisions Dr. Emilee Rader Department of Media and Information Michigan State University emilee@msu.edu | msu.edu/~emilee May 14, 2018 Socio-technical systems:

838 views • 37 slides
An Adm i ni st r at or s vi ew Robot i c ver ses Lapar oscopi c sur ger y Pat

An Adm i ni st r at or s vi ew Robot i c ver ses Lapar oscopi c sur ger y Pat

An Adm i ni st r at or s vi ew Robot i c ver ses Lapar oscopi c sur ger y Pat t y Jo Toor VP Nur si ng/ VP O per at i ons Advent Heal t h Cel ebr at i on Cl i ni cal and Econom i c O ut com es Cl

654 views • 8 slides
Simultaneous Localization and Mapping for Minimally Invasive Surgery Introduction

Simultaneous Localization and Mapping for Minimally Invasive Surgery Introduction

Tutorial on 3D Surface Reconstruction in Laparoscopic Surgery Simultaneous Localization and Mapping for Minimally Invasive Surgery Introduction University of Bristol using particle filters to track football players from a single static

753 views • 40 slides
Honor Your Mentor Jeffrey Cornella, MD Thank you for giving us robust foundations for our

Honor Your Mentor Jeffrey Cornella, MD Thank you for giving us robust foundations for our

Honor Your Mentor Jeffrey Cornella, MD Thank you for giving us robust foundations for our life-long careers in urogynecology! With deep regards, Your 2nd and 3rd fellows, Ingrid Nygaard, MD and Dee Fenner, MD Honor Your Mentor John O. L.

614 views • 27 slides

More recommend