We present SA-6, a six-item psychometric scale for assessing people’s security attitudes that we developed by following best practices. We identify six scale items based on theoretical and empirical research with sufficient response variance, reliability, and validity in a combined sample (N = 478) from Amazon Mechanical Turk and a university-based study pool. We validate the resulting measure with a U.S. Census-tailored Qualtrics panel (N = 209). SA-6 significantly associates with self-report measures of behavior intention and recent secure behaviors. Our work contributes a lightweight method for (1) quantifying and comparing people’s attitudes toward using recommended security tools and practices, and (2) improving predictive modeling of who will adopt security behaviors. Presentation to the Usenix Symposium on Usable Privacy and Security (SOUPS 2019), Aug. 12, 2019, Santa Clara, CA, USA.
This paper discusses some unusual and helpful ways to measure security, and promotes the idea of Marginal Analysis as a promising method for optimizing complex enterprise security.
Cyber security lecture for University students, following and expanding on previously delivered presentation on Enterprise Security Incident Management. More in-depth, with a focus on the Security Incident lifecycle.
Information Security Risk Quantification (Joel Baese)
Overview presentation given at the 8/16/2016 Fayetteville, Arkansas ISACA chapter meeting discussing quantifying risk in the information security field.
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di... (Steve Werby)
20 years ago information security was a low corporate priority that was the realm of technical geeks. Factors such as the rapidly-evolving threat environment and increased corporate impact have elevated it to a multidisciplinary risk management discipline...which sometimes has a seat at the table. This talk explores what we're doing wrong, why it's ineffective (or worse), and better ways of thinking and doing. You will learn to question the status quo, rethink existing paradigms, and leverage better approaches from information security and other disciplines. Think different! Act different!
An introduction to the Open FAIR standard, a framework for analyzing and expressing risk in financial terms. This presentation was originally given at the Louisville Metro InfoSec Conference on 9/19/17.
The Security Practitioner of the Future (Resolver Inc.)
In the face of changing business needs and threat environments, companies, organizations and individuals will continue to encounter increasingly diverse and sophisticated risks from an equally broad range of adversaries. These adversaries are equipped as never before supported by education, experience, publicly available critical information and the technology to bring their efforts to realization. Tomorrow’s security practitioner will need an array of integrated tools to effectively prepare for and counter tomorrow’s adversary. These “tools” will always include some traditional tried and proven practices; however, the need for practitioners to think critically, make risk-based decisions, implement leading practice solutions and define security optimization is required.
Presentation by:
Dennis Shepp, MBA, CPP, CFE, Consultant, Security Expert
Phillip Banks, P. Eng, CPP. Director, The Banks Group
In practice, we often see SAP security projects that only offer a partial solution. Only rarely do such projects involve an end-to-end examination of all layers – from operating system to databases and applications, as well as concepts and policies.
At the same time, an all-encompassing approach to security is essential for projects involving the implementation of or migration to SAP S/4HANA, because the database, user interface, gateway, applications, and authorizations have all grown closer together. As a result, access to important data has become both more complex and more difficult to monitor – especially due to media discontinuity and access options at different layers. This means your framework authorization concept has to combine all these topics prior to implementation and define an end-to-end security strategy.
Ideally, all the security expertise needed for a comprehensive solution like this will come from a single source. This will guarantee perfect interplay between design and management, as well as monitoring, administration, and auditing. And you will also cover all the security areas, in the sense of a comprehensive SIEM system.
In this webinar, we will show you why SAST SOLUTIONS, with our highly specialized SAP experts in combination with our SAST SUITE solution, have just what you are looking for.
Topics of focus:
• The challenges of successful SAP S/4HANA security projects
• How to make sure your SAP S/4HANA implementation or migration is a success
• Benefits of support by SAST SUITE tools
• Best practice tips
For information in German, feel free to contact us: sast@akquinet.de
[Webinar] Scaling experimentation: 5 key pillars of maturity by Nick So (Chris Goward)
Go behind the curtain with WiderFunnel's Director of Strategy, Nick So, as he shares exclusive learnings from his experience building successful experimentation programs for companies like HP, Asics, Magento, and IBM. During this webinar, you’ll get an insider look at the frameworks and strategies that WiderFunnel developed to help clients scale experimentation and accelerate through the phases of maturity.
Yin and Yang: Metrics within Agile and Traditional Lifecycles (TechWell)
Metrics are powerful tools when used to effect positive change in a project or organization. However, the value and benefits of metrics are often dependent on the context. While certain metrics provide information and insight to drive decision making for a traditional development approach, they may not be useful in an agile landscape—and vice versa. QA and agile experts Shaun Bradshaw and Bob Galen delve into the value, pitfalls, pros, and cons of various metrics in agile and waterfall development environments. Hear their experiences as they discuss and explore a variety of project-level, software development, and software testing metrics through the lens of both traditional and agile development contexts. Although Bob and Shaun respect each other’s knowledge and skill, they don’t often agree on metrics. And in this showdown, you’ll see why! Be prepared to learn, be entertained, and be ready to get in on the action as these two metrics titans go head-to-head.
Journey to Safety Excellence – Tagline or Tangible Resource? (browzcompliance)
In 2014, the National Safety Council kicked off an initiative called “The Journey to Safety Excellence,” a result of the Council’s understanding that many small to medium sized companies do not have the same safety resources and networking capabilities as larger corporations.
To that end, the Council put together free assessment tools, resource information and a networking structure that smaller companies could utilize at no cost — so they could start down their own path of safety excellence. In this presentation, attendees will learn how businesses of many types can benefit in utilizing the free resources.
This webinar takes the audience through the steps of continuous safety process improvement, and talks through a real-life scenario of how a company could utilize each aspect of the Journey to Safety Excellence resources.
To join or learn more about The Journey to Safety Excellence, visit: http://www.nsc.org/Measure/Pages/journey-to-safety-excellence.aspx.
Technology Executives Club Roundtable SIG - Nov 6 Session Summary (WCapra)
The W. Capra Consulting Group hosted the inaugural Technology Executives Club's (TEC) Cyber Security and Risk Management Roundtable / Special Interests Group (SIG) last week.
Great turnout and the dialog was thought provoking and provided valuable insight. Attached is a Roundtable Summary that captures the key points of the discussion and predominant views shared.
We look forward to seeing you January 29th, 2016 at the next Security Roundtable SIG. More information is available at http://technologyexecutivesclub.com/Securitychicago
Psychosocial Dx: Identifying Invisible 45003 Factors (myosh team)
EFO Consulting has designed a Psychosocial Dx to measure performance, apply reliable benchmarks and Levers for action.
Can surveys be used to assess risk or only identify hazard?
What options are available to manage psychosocial factors that are simple, pragmatic and add value?
Join us during this webinar to understand Psychosocial Diagnostic (Dx) options and methods of responding to a range of psychosocial regulations and industry guidance:
Options available to identify hazards and assess risks that are often invisible
Understand specific areas of exposure, job demands, job resources and the impact these have on work outcomes.
Utilise reliable Levers to prevent, respond and promote healthy workplaces and high performance.
Case studies of transferring legal requirements and theory into practices that add value.
An overview of how to develop SMART security metrics that are meaningful for the targeted audience: operational, tactical and strategic. I discuss key performance and risk indicators and graphical presentation for your audience.
A Pulse of Predictive Analytics In Higher Education │ Civitas Learning (Civitas Learning)
Civitas Learning presents the findings of our survey conducted during the September 2014 Civitas Learning Summit, where more than 100 leaders representing 40 Pioneer Partner institutions gathered to share more on their work. The survey, distributed to all participants, resulted in 74 responses highlighting how this cross-section of higher education institutions are using advanced analytics to power student success initiatives.
Information technology is a complex business, at best. While IT can provide amazing benefits, it still requires vigilance and diligence to ensure it is running correctly and that it is secure. A security framework can be an excellent tool to evaluate what you might be missing and confirm that what you are already doing is spot-on correct. This session will discuss the importance of using security frameworks and walk attendees through the NIST Cyber Security Framework to review how the framework functions, how to use a framework, and most importantly, how the use of a framework can and will benefit their organization.
This webinar discussed the purpose of data analytics and how it can be a light in the darkness for your organization to make better decisions for the future. The webinar covered the purpose of data analysis and its definition, the fundamental steps to take to perform data analysis to problem solve, and closed with next steps that attendees can take to further develop data analysis and business intelligence within their organizations.
During this webinar, attendees learned about the following:
- How data analytics functions to help your organization improve.
- The process for using data analytics to solve problems.
- Next steps to take to build data analysis within your organization.
Operational Leadership and Critical Risk Management (myosh team)
Presented by Mark Cooper, Principal Consultant, Sentis
What's covered?
High hazard activities rely on rules, procedures and standards to specify ‘safe operation’. While these standards are usually written by experts, they may not universally apply to every situation or operational context. A recent review of over 160 serious incidents across multiple industry sectors identified that 49% of control failures involved intentional ‘workarounds’. This is not to suggest that workers are defiantly flouting rules or expectations. In fact, often workaround behaviours can be linked back to operational leadership and organisational factors.
Operational leaders set the tone and help shape the environment within which critical controls are managed. They act as role models, define what’s expected and influence behaviours and attitudes through their actions and words. In this webinar we’ll target the role of leadership in critical control management processes.
In this webinar, Sentis Principal Consultant Mark Cooper will explore:
• The psychology of risk, risk taking and risk management
• Strategies for leaders to promote, influence and reinforce the importance of critical control management
• The benefits of examining the ways your work is affected by latent operational and corporate influences.
This is a webinar presented April 14, 2015 by Embry-Riddle Aeronautical University and featuring noted safety expert Dr. Mark Friend. Dr. Friend looks at the topic, "How to make safety work in your company."
Working with data is a challenge for many organizations. Nonprofits in particular may need to collect and analyze sensitive, incomplete, and/or biased historical data about people. In this talk, Dr. Cori Faklaris of UNC Charlotte provides an overview of current AI capabilities and weaknesses to consider when integrating current AI technologies into the data workflow. The talk is organized around three takeaways: (1) For better or sometimes worse, AI provides you with “infinite interns.” (2) Give people permission & guardrails to learn what works with these “interns” and what doesn’t. (3) Create a roadmap for adding in more AI to assist nonprofit work, along with strategies for bias mitigation.
In this talk, Dr. Cori Faklaris gives an overview of important concepts in Human Factors engineering. She describes cognitive and social factors, interface factors, and task and environment factors that impact human performance. Importantly, she stresses that failures should be seen as normal and expected, and designers should endeavor to minimize them or prevent them. The two types of human failures - errors (inadvertent) and non-compliance (deliberate) - can be addressed through better interfaces and, sometimes, training. When human failures occur, the root cause usually can be traced to human decisions. This talk was given as a tutorial to the Center for Advanced Power Engineering Fall 2023 meeting, at Clemson University, SC, USA.
Similar to A Self-Report Measure of End-User Security Attitudes (SA-6)
For this plenary talk at the Charlotte AI Institute for Smarter Learning, Dr. Cori Faklaris introduces her fellow college educators to the exciting world of generative AI tools. She gives a high-level overview of the generative AI landscape and how these tools use machine learning algorithms to generate creative content such as music, art, and text. She then shares some examples of generative AI tools and demonstrates how she has used some of these tools to enhance teaching and learning in the classroom and to boost her productivity in other areas of academic life.
Our research focuses on understanding how attitudes and social influences act on end users in the process of cybersecurity behavior adoption (or non-adoption). This talk discusses three expectancy-value models and two stage models that have been applied successfully in social psychology, marketing, and public health. We first introduce our project, then give an overview of these existing models. We then present the progress of our empirical mixed-methods research to craft a model specific to cybersecurity adoption that identifies the relevant (1) attitudes and (2) social influences acting at each step, along with (3) tech characteristics that are associated with sustained adoption. We conclude with remarks on how our work can be of use to cybersecurity teams tasked with boosting awareness and/or adoption.
Talk for the Cylab Partners Conference on Sept. 23, 2020. (1) Unintentional insider threat (UIT) can arise because security tools or infrastructure do not account for social needs.
(2) Social influences can be used to motivate security behaviors.
Overview of key concepts in usable security and privacy for UX designers, chiefly: Threat modeling; Fair Information Practices; 3-pronged approach to usable security + privacy; Learning science principles; Communication-Human Information Processing model for warnings. Guest lecture in Programming Usable Interfaces, Spring 2020, Carnegie Mellon University.
A Self-Report Measure of End-User Security Attitudes (SA-6)
1. A Self-Report Measure of End-User Security Attitudes (SA-6)
Cori Faklaris, Laura Dabbish and Jason I. Hong
Human-Computer Interaction Institute
Usenix Symposium on Usable Privacy and Security (SOUPS 2019), Aug. 12, 2019, Santa Clara, CA, USA
2. Key takeaways
1. SA-6 is a lightweight tool to quantify and compare people’s attitudes toward using recommended security tools and practices.
2. SA-6 may help to improve predictive modeling of who will adopt such behaviors.
Introduction | Study Motivation | Scale Development | Scale Validation | Conclusion
3. SA-6 is a lightweight tool to quantify and compare security attitudes
On a scale of 1=Strongly Disagree to 5=Strongly Agree, rate your level of agreement with the following:
▪ Generally, I diligently follow a routine about security practices.
▪ I always pay attention to experts’ advice about the steps I need to take to keep my online data and accounts safe.
▪ I am extremely knowledgeable about all the steps needed to keep my online data and accounts safe.
▪ I am extremely motivated to take all the steps needed to keep my online data and accounts safe.
▪ I often am interested in articles about security threats.
▪ I seek out opportunities to learn about security measures that are relevant to me.
4. SA-6 may help to improve predictive modeling of security adoption
[Diagram: Attitude toward security behavior (SA-6); Security behavior intention (SeBIS); Security behavior (Recalled actions)]
Better predictive modeling = better targeting of interventions
5. Our field needs reliable and validated psychometric scales
▪ Much usability research employs in-depth interviews and observations.
▪ But this is not always feasible or desirable.
https://giphy.com/gifs/heyarnold-hey-arnold-nicksplat-xT1R9EbolF7trQnIyI
6. Our field needs reliable and validated psychometric scales
▪ For large-scale, longitudinal or time-sensitive research, we need an online survey form that can be given with other scales or questionnaires.
7. Our field needs reliable and validated psychometric scales
▪ Knowing users’ attitudes, intentions and behaviors helps us craft security tools that are:
▫ Useful
▫ Easy to use
▫ Satisfying to users
https://www.interaction-design.org/literature/topics/usability
8. Our field needs reliable and validated psychometric scales
▪ An attitude scale helps answer research questions such as:
▫ How attentive to security advice is a certain user group likely to be?
▫ Does a new tool help or hurt a user’s attitude toward security compliance?
9. The Security Behavior Intentions Scale (SeBIS) isn’t enough
Current state of the art is SeBIS (Egelman & Peer 2015)
▪ 16-item self-report inventory in four areas:
▫ Password generation
▫ Proactive awareness
▫ Software updates
▫ Device securement
But it has limitations:
▪ Specific to behavior intentions, not to attitudes.
▪ Tech-specific wording may become outdated.
10. An additional scale is needed to conduct theory-motivated research
▪ Theory of Reasoned Action
▫ Technology Acceptance Model
▫ Diffusion of Innovation Theory
▪ Elaboration Likelihood Model
▪ Self-Determination Theory
▪ Protection Motivation Theory
[Diagram: Attitude; Intention; Behavior]
Fishbein & Ajzen 1967, 2010; Davis et al. 1989; Rogers 2010; Petty & Cacioppo 1980; Ryan & Deci 2000; Rogers 1975
11. Best practice: Generate candidate items from prior work (Das et al. 2017)
[Diagram: Security Sensitivity (Awareness, Motivation, Knowledge) to engage in expert-recommended security practices; Attitude]
12. Best practice: Test many different item variations for SA-6 (60+ to start)
▪ A security breach, if one occurs, is not likely to cause significant harm to my online identity or accounts.
▪ Generally, I am aware of existing security threats.
▪ Generally, I am willing to spend money to use security measures that counteract the threats that are relevant to me.
▪ Generally, I care about security and privacy threats.
▪ Generally, I diligently follow a routine about security practices.
▪ Generally, I know how to figure out if an email was sent by a scam artist.
▪ Generally, I know how to use security measures to counteract the threats that are relevant to me.
▪ Generally, I know which security threats are relevant to me.
13. Best practice: Collect measures theorized to relate with SA-6
▪ SeBIS scale, 16 items
▪ Internet Know-How, 9 items
▪ Technical Know-How, 9 items
▪ Internet Users Information Privacy Concerns scale, 10 items
▪ Frequency of falling victim to a security breach, 2 items
▪ Amount heard or seen about security breaches, 1 item
▪ Barratt Impulsiveness Scale, 30 items
▪ Privacy Concerns Scale, 16 items
▪ Ten-Item Personality Inventory, 10 items
▪ General Self-Efficacy scale, 11 items
▪ Social Self-Efficacy scale, 5 items
▪ Confidence in Using Computers, 12 items
14. Best practice: Collect measures theorized to relate with SA-6
Test convergent validity
▪ RQ1a: Is SA-6 positively correlated with SeBIS?
▪ RQ1b: Do other measures thought to relate with security attitude correlate with SA-6?
Test discriminant validity
▪ RQ2a: Does SA-6 vary with respect to background social factors (e.g. age, gender)?
▪ RQ2b: Does SA-6 vary with past experiences of security breaches?
15. Best practice: Use a large, diverse sample for finalizing scale items
▪ Amazon Mechanical Turk sample and University-run study pool sample: N = 475
▪ Meets recommended ratio (5:1 to 10:1) of responses to scale items
▪ Samples not significantly different by age [overall χ²(4, N = 475) = 11.42, p = n.s.] or gender [χ²(1, N = 475) = 2.95, p = n.s.]
16. Best practice: Repeat study in a representative sample to validate scale
▪ N = 209
▪ Qualtrics-filled panel with age, gender & income tailored to U.S. population
17. Best practice: Iterative analyses to zero in on the items for the scale
Factor tests
▪ Exploratory Factor Analysis to check item correlations (SPSS)
▪ Reliability Analysis (alpha) to confirm internal consistency
Model tests
▪ Confirmatory Factor Analysis to check goodness of fit (MPlus)
▪ Run several CFA models to make sure we specified the best model
18. SA-6 demonstrates desired consistency + fit for a psychometric scale
SA-6 scale items (SPSS Principal Components Analysis), with factor loading in parentheses:
▪ I seek out opportunities to learn about security measures that are relevant to me. (0.81)
▪ I am extremely motivated to take all the steps needed to keep my online data and accounts safe. (0.78)
▪ Generally, I diligently follow a routine about security practices. (0.77)
▪ I often am interested in articles about security threats. (0.72)
▪ I always pay attention to experts' advice about the steps I need to take to keep my online data and accounts safe. (0.71)
▪ I am extremely knowledgeable about all the steps needed to keep my online data and accounts safe. (0.71)
α=.84; CFI=.91; SRMR=.05
19. SA-6 = attentiveness to and engagement with cybersecurity measures
SA-6 scale items (SPSS Principal Components Analysis), with factor loading in parentheses:
▪ I seek out opportunities to learn about security measures that are relevant to me. (0.81)
▪ I am extremely motivated to take all the steps needed to keep my online data and accounts safe. (0.78)
▪ Generally, I diligently follow a routine about security practices. (0.77)
▪ I often am interested in articles about security threats. (0.72)
▪ I always pay attention to experts' advice about the steps I need to take to keep my online data and accounts safe. (0.71)
▪ I am extremely knowledgeable about all the steps needed to keep my online data and accounts safe. (0.71)
20. Best practice: Statistical testing of SA-6 as a valid attitude measure
Factor tests
▪ Exploratory Factor Analysis to check item correlations (SPSS)
▪ Reliability Analysis (alpha) to confirm internal consistency
Model tests
▪ Confirmatory Factor Analysis to check goodness of fit (MPlus)
▪ Run several CFA models to make sure we specified the best model
Validity tests
▪ Test relationships + differences with other variables (SPSS)
▪ Also tested for ability to predict participants’ recalled security actions in past week
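Added example, not from the slides or the authors' analysis (which used SPSS and MPlus): a minimal Python sketch of the scoring, reliability (alpha) and association checks named above, run on constructed responses. It assumes a respondent's SA-6 score is the mean of the six 1-5 ratings; all function names and sample values are hypothetical.

```python
from math import sqrt
from statistics import mean, variance

N_ITEMS = 6            # SA-6 has six items
SCALE = range(1, 6)    # 1 = Strongly Disagree ... 5 = Strongly Agree


def check_row(row):
    """Reject incomplete or out-of-range answer sets instead of scoring them."""
    if len(row) != N_ITEMS:
        raise ValueError(f"expected {N_ITEMS} answers, got {len(row)}")
    for answer in row:
        if isinstance(answer, bool) or not isinstance(answer, int) or answer not in SCALE:
            raise ValueError(f"answer {answer!r} is not an integer from 1 to 5")
    return row


def sa6_score(row):
    """Assumption: a respondent's SA-6 score is the mean of the six ratings."""
    return mean(check_row(row))


def cronbach_alpha(rows):
    """alpha = k/(k-1) * (1 - sum of item variances / variance of total scores)."""
    rows = [check_row(r) for r in rows]
    if len(rows) < 2:
        raise ValueError("need at least two respondents")
    item_vars = [variance(col) for col in zip(*rows)]   # one variance per item
    total_var = variance([sum(r) for r in rows])        # variance of summed scores
    if total_var == 0:
        raise ValueError("total scores do not vary; alpha is undefined")
    return N_ITEMS / (N_ITEMS - 1) * (1 - sum(item_vars) / total_var)


def pearson_r(xs, ys):
    """Pearson correlation between two equally long lists of scores."""
    if len(xs) != len(ys) or len(xs) < 3:
        raise ValueError("need two equally long lists with at least 3 values")
    mx, my = mean(xs), mean(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        raise ValueError("one variable is constant; r is undefined")
    return sxy / sqrt(sxx * syy)


# Constructed sample: 8 respondents x 6 SA-6 ratings (not study data).
SAMPLE_SA6 = [
    [5, 5, 4, 5, 4, 4],
    [4, 4, 4, 4, 3, 4],
    [2, 2, 1, 2, 2, 1],
    [3, 3, 3, 4, 3, 3],
    [1, 2, 2, 1, 1, 2],
    [4, 5, 4, 4, 5, 4],
    [3, 2, 3, 3, 2, 3],
    [5, 4, 5, 5, 4, 5],
]
# Constructed recalled-behavior scores for the same 8 respondents (not study data).
SAMPLE_RSEC = [4.2, 3.5, 2.0, 3.0, 2.4, 3.9, 2.8, 4.0]


def analyze(sa6_rows=SAMPLE_SA6, outcome=SAMPLE_RSEC):
    """Return internal consistency and the attitude/behavior association."""
    scores = [sa6_score(r) for r in sa6_rows]
    r = pearson_r(scores, outcome)
    return {"scores": scores, "alpha": cronbach_alpha(sa6_rows),
            "r": r, "r_squared": r * r}


if __name__ == "__main__":
    result = analyze()
    print(f"alpha={result['alpha']:.3f} r={result['r']:.3f} R2={result['r_squared']:.3f}")
```

The constructed sample is far more uniform than real survey data, so its alpha and r are much higher than the values reported on the slides.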
21. Best practice: Test for expected associations with SA-6
▪ RQ1a: Is SA-6 positively correlated with SeBIS?
▪ Yes.
[Diagram: Attitude toward security behavior (SA-6, Faklaris et al. 2019); Security behavior intention (SeBIS, Egelman & Peer 2015); r=.540, p<.01]
22. Best practice: Test for expected associations with SA-6
▪ RQ1a: Is SA-6 positively correlated with SeBIS?
▪ Yes.
[Diagram: Attitude toward security behavior (SA-6, Faklaris et al. 2019); Security behavior intention (SeBIS, Egelman & Peer 2015); R²=.280, p<.001]
23. Best practice: Test for expected associations with SA-6
▪ RQ1b: Do other measures thought to relate with security attitude correlate with SA-6?
▪ Yes.
- With the Internet Users’ Informational Privacy Concerns (IUIPC) scale (Malhotra et al. 2004): r=.390, p<.01
- With the Privacy Concerns Scale (PCS) (Buchanan et al. 2007): r=.382, p<.01
24. Best practice: Test for expected associations with SA-6
▪ RQ1b: Do other measures thought to relate with security attitude correlate with SA-6?
▪ Yes.
- With the Barratt Impulsiveness Scale (Stanford et al. 2009, update): r=.180, p<.01
- With the General Self-Efficacy scale (Zimmerman et al. 2000): r=.208, p<.01
- With the Social Self-Efficacy scale (Zimmerman et al. 2000): r=.363, p<.01
25. Best practice: Test for expected associations with SA-6
▪ RQ1b: Do other measures thought to relate with security attitude correlate with SA-6?
▪ Yes.
- With the Kang Internet Know-How scale (Kang et al. 2015): r=.542, p<.01
- With Confidence in using computers (Fogarty et al. 2001, adapted): r=.280, p<.05
- With Web-oriented digital literacy (Hargittai 2005): r=.503, p<.05
26. Best practice: Test for expected differences in SA-6 by subgroup
▪ RQ2a: Does SA-6 vary with background factors? Yes.
SA-6 Mean (SD) by subgroup, with t(df), p:
▪ Age group: 18-39: 3.40 (.81); 40+: 3.69 (.76); t(207) = -2.172, p<.05
▪ Gender: Male: 3.77 (.71); Female: 3.53 (.81); t(198.38) = 2.19, p<.05
27. Best practice: Test for expected differences in SA-6 by subgroup
▪ RQ2a: Does SA-6 vary with background factors? Yes.
SA-6 Mean (SD) by subgroup, with t(df), p:
▪ College attendance: No college: 3.42 (.79); Attended college: 3.73 (.76); t(207) = -2.76, p<.01
▪ Income level: Below $25K: 3.30 (.71); Above $25K: 3.73 (.77); t(207) = -3.42, p<.005
28. Best practice: Test for expected differences in SA-6 by subgroup
▪ RQ2b: Does SA-6 vary with past breach experiences? Yes.
SA-6 Mean (SD) for Low vs. High experience, with t(df), p:
▪ Themselves falling victim to a security breach: Low 3.56 (.78); High 4.13 (.58); t(41.46) = -4.54, p<.001
▪ Close friends or relatives falling victim: Low 3.57 (.76); High 4.10 (.74); t(207) = -3.40, p<.005
▪ Heard about security breaches in the past year: Low 3.35 (.80); High 3.77 (.74); t(207) = -3.77, p<.001
29. Best practice: Collect measures theorized to relate with SA-6
Test support for predictive validity
▪ RQ3: Does a person’s SA-6 score positively associate with a measure of self-reported security behaviors within the past week?
▪ Collected 10 items based on SeBIS, 5-level agreement scale (RSec)
Ex: “In the past week, I have verified at least once that my antivirus software is up to date.”
30. Best practice: Test for SA-6’s influence on outcome variables
▪ RQ3: Does SA-6 positively associate with a measure of self-reported security behaviors within the past week (RSec)?
▪ Yes.
[Diagram: Attitude toward security behavior (SA-6, Faklaris et al. 2019); Security behavior (RSec, Faklaris et al. 2019); r=.398, p<.001]
31. Best practice: Test for SA-6’s influence on outcome variables
[Diagram: Attitude toward security behavior (SA-6, Faklaris et al. 2019); Security behavior intention (SeBIS, Egelman & Peer 2015); Security behavior (RSec, Faklaris et al. 2019). Value shown: R²=.280, p<.001]
32. Best practice: Test for SA-6’s influence on outcome variables
[Diagram: Attitude toward security behavior (SA-6, Faklaris et al. 2019); Security behavior intention (SeBIS, Egelman & Peer 2015); Security behavior (RSec, Faklaris et al. 2019). Values shown: R²=.235, p<.001; R²=.280, p<.001]
33. Best practice: Test for SA-6’s influence on outcome variables
[Diagram: Attitude toward security behavior (SA-6, Faklaris et al. 2019); Security behavior intention (SeBIS, Egelman & Peer 2015); Security behavior (RSec, Faklaris et al. 2019). Values shown: R²=.158, p<.001; R²=.235, p<.001; R²=.280, p<.001]
34. SA-6 can improve predictive modeling + targeting of interventions
[Diagram: Attitude toward security behavior (SA-6, Faklaris et al. 2019); Security behavior intention (SeBIS, Egelman & Peer 2015); Security behavior (RSec, Faklaris et al. 2019). Values shown: R²=.158, p<.001; R²=.235, p<.001; R²=.280, p<.001]
Low SA-6 → boost awareness/motivation; High SA-6 → boost skill/ability
35. SA-6 can be helpful in your own usable security research
▪ Easily administer SA-6 via online survey form with other scales or questionnaires.
▪ Answer research questions such as
▫ How attentive to security advice is a certain user group likely to be?
▫ Does a new tool help or hurt a user’s attitude toward security compliance?
https://socialcybersecurity.org/sa6.html
36. SA-6 can be helpful in your own usable security research
▪ Test hypotheses & models motivated by:
▫ Theory of Reasoned Action,
▫ Elaboration Likelihood Model,
▫ Self-Determination Theory,
▫ Protection Motivation Theory,
▫ Other theories and frameworks.
https://socialcybersecurity.org/sa6.html
37. Take the Security Attitude quiz at SocialCybersecurity.org/sa6quiz
38. Get the SA-6 scale & follow our work:
○ Twitter: @heycori | Email: heycori @cmu.edu
○ https://socialcybersecurity.org/sa6.html
Key takeaways
1. SA-6 is a lightweight tool to quantify and compare people’s attitudes toward using recommended security tools and practices.
2. SA-6 may help to improve predictive modeling of who will adopt such behaviors.
Thank you to