Social Cybersecurity: Ideas for Nudging Secure Behaviors Through Social Influences
Cori Faklaris | Oct. 19, 2018
Presentation to the 2018 Three Rivers Information Security Symposium (TRISS 2018), Monroeville, Pa., USA
@heycori
Human-Computer Interaction Institute
Cialdini’s ‘Weapons of Influence’
1. Reciprocation
2. Commitment and Consistency
3. Social Proof
4. Liking
5. Authority
6. Scarcity
Robert B. Cialdini. 2001 (4th ed.). Influence. A. Michel Port Harcourt.
Cori Faklaris - October 2018 - TRISS 2018 | Page2
Agenda
✖ About me
✖ About the Social Cybersecurity project
✖ Ideas to apply this work in your context
✖ Next steps for our research
Feel free to ask questions at any point.
About me
● PhD student researcher at Carnegie Mellon University
○ Social cybersecurity, Design of information systems, Emerging trends in social media and messaging apps
● M.S., Human-Computer Interaction
○ Indiana University School of Informatics and Computing
○ Thesis: The State of Digital ‘Fair Use’
● B.S., Journalism, News-Editorial sequence
○ University of Illinois at Urbana-Champaign College of Media
● Social Media Consultant and Editor/Writer
● Previous job titles in news media included:
○ Engagement Producer, Page Designer, Copy Editor, Correspondent, Columnist, Reporter ...
○ “Doer of Things No One Else Wants to Do” (IT, UX :-)
Cialdini’s ‘Weapons of Influence’
1. Reciprocation
2. Commitment and Consistency
3. Social Proof
4. Liking
5. Authority
6. Scarcity
Robert B. Cialdini. 2001 (4th ed.). Influence. A. Michel Port Harcourt.
1. Reciprocation
We desire to repay in kind what someone else does for us.
“I’ll scratch your back if you scratch mine.”
- English idiom, Latin: quid pro quo
Reciprocation & Cybersecurity …
1. Give a gift that obliges behaviors.
   a. USB drive containing safe software & apps
   b. ‘Thank you’ card
2. Frame requests as a “big ask,” followed by the real ask.
2. Commitment and Consistency
Once we make a choice and take a stand, we feel pressure to live up to that commitment.
“How are you? Good, are you willing to donate ...”
- the ‘Foot-in-the-door’ sales technique
Commitment and Consistency & Cybersecurity …
1. Ask system users to “please watch out for” mistakes in security protocol.
2. Ask users to sign their names to a public promise to use security tools and practices.
3. Social Proof
We view a behavior as correct in a given situation to the degree that we can observe others performing it.
“Fifty million Americans can’t be wrong ...”
- Type of phrase often used in advertising copy
Social Proof & Cybersecurity …
1. Display statistics or facts about security behaviors via a lock screen or new browser tab.
2. Crowdsource security tips, then publicize them to the work group.
FACT: Carnegie Mellon University has not suffered a breach of payroll systems since adopting 2FA.
4. Liking
Our personal affinities are bound up in cooperation and compliance – and vice versa.
“Flattery will get you everywhere.”
- Mae West, 20th century movie actress
- See also “Good Cop, Bad Cop”
Liking & Cybersecurity …
1. Recruit a popular member of a workgroup as a helper and ally for InfoSec initiatives.
2. Set a group goal for security behaviors, with rewards for improvements.
5. Authority
We have an instinct to obey people who are presented to us as authority figures and/or experts.
“The apparel oft proclaims the man.”
- Polonius in Hamlet, William Shakespeare
Authority & Cybersecurity …
1. Cite security experts or research to back up why you require a security tool or practice.
2. Train end users to avoid being tricked by fake authorities.
You should be thinking right now: Is this a legitimate business card???
http://www.shsu.edu/dept/it@sam/technology-tutorials/duo/
6. Scarcity
Limiting access to a resource (or seeming to) makes it more desirable.
“Don’t wait! Last chance before they’re gone!”
- Type of phrase often used in advertising copy
Scarcity & Cybersecurity …
1. Frame the use of security tools or practices in terms of losses rather than benefits.
2. Avoid erratic enforcement that leads to revoking privileges from end users.
1 in 5 breaches can’t be prevented by implementing 2FA - I need to stay vigilant for hackers!
Cialdini’s ‘Weapons of Influence’
1. Reciprocation
2. Commitment and Consistency
3. Social Proof
4. Liking
5. Authority
6. Scarcity
Robert B. Cialdini. 2001 (4th ed.). Influence. A. Michel Port Harcourt.
Works in Progress
✖ Psychometric scale to help target end-user interventions by security sensitivity.
✖ “Security score” for end users.
✖ Game apps to simulate social actions and competition around security practices.
✖ Interviews with IT professionals about challenges for workgroups who share accounts and devices.
✖ Browser plugin to make crowd opinions about privacy & security settings observable.
Das, Sauvik, "Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior" (2017). Dissertations. 982. http://repository.cmu.edu/dissertations/982
“Security Sensitivity” indicates an end user’s degree of receptiveness to advice and to using security tools and best practices in everyday life.
Works in Progress
✖ Psychometric scale to help target security interventions by readiness to change.
✖ “Security score” for end users.
✖ Game apps to simulate social actions and competition around security practices.
✖ Interviews with IT professionals about challenges for workgroups who share accounts and devices.
✖ Browser plugin to make crowd opinions about privacy & security settings observable.
https://sijier.000webhostapp.com/
Works in Progress
✖ Psychometric scale to help target security interventions by readiness to change.
✖ “Security score” for end users.
✖ Game apps to simulate social actions and competition around security practices.
✖ Interviews with IT professionals about challenges for workgroups who share accounts and devices.
✖ Browser plugin to make crowd opinions about privacy & security settings observable.
Try it at https://tinyurl.com/CrowdFBTool
Cialdini’s ‘Weapons of Influence’
1. Reciprocation
2. Commitment and Consistency
3. Social Proof
4. Liking
5. Authority
6. Scarcity
Any Questions? Partnership Ideas?
You can find me at
● Email: heycori@cmu.edu
● Website: http://corifaklaris.com
UiPath Test Automation using UiPath Test Suite series, part 1
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 

Social Cybersecurity: Ideas for Nudging Secure Behaviors Through Social Influences

  • 1. Social Cybersecurity: Ideas for Nudging Secure Behaviors Through Social Influences. Cori Faklaris | Oct. 19, 2018. Presentation to the 2018 Three Rivers Information Security Symposium (TRISS 2018), Monroeville, Pa., USA. @heycori. Human-Computer Interaction Institute
  • 2. Cialdini’s ‘Weapons of Influence’: 1. Reciprocation 2. Commitment and Consistency 3. Social Proof 4. Liking 5. Authority 6. Scarcity. Robert B. Cialdini. 2001 (4th ed.). Influence. A. Michel Port Harcourt.
  • 3. Agenda: ✖ About me ✖ About the Social Cybersecurity project ✖ Ideas to apply this work in your context ✖ Next steps for our research. Feel free to ask questions at any point.
  • 4. About me: ● PhD student researcher at Carnegie Mellon University ○ Social cybersecurity, Design of information systems, Emerging trends in social media and messaging apps ● M.S., Human-Computer Interaction ○ Indiana University School of Informatics and Computing ○ Thesis: The State of Digital ‘Fair Use’ ● B.S., Journalism, News-Editorial sequence ○ University of Illinois at Urbana-Champaign College of Media ● Social Media Consultant and Editor/Writer ● Previous job titles in news media included: ○ Engagement Producer, Page Designer, Copy Editor, Correspondent, Columnist, Reporter ... ○ “Doer of Things No One Else Wants to Do” (IT, UX :-)
  • 6. Friend 1, Friend 2, Friends 3 & 4,
  • 7. Cialdini’s ‘Weapons of Influence’: 1. Reciprocation 2. Commitment and Consistency 3. Social Proof 4. Liking 5. Authority 6. Scarcity. Robert B. Cialdini. 2001 (4th ed.). Influence. A. Michel Port Harcourt.
  • 8. 1. Reciprocation: We desire to repay in kind what someone else does for us. “I’ll scratch your back if you scratch mine.” - English idiom, Latin: quid pro quo
  • 9. Reciprocation & Cybersecurity … 1. Give a gift that obliges behaviors. a. USB drive containing safe software & apps b. ‘Thank you’ card 2. Frame requests as a “big ask,” followed by the real ask.
  • 10. 2. Commitment and Consistency: Once we make a choice and take a stand, we feel pressure to live up to that commitment. “How are you? Good, are you willing to donate ...” - the ‘Foot-in-the-door’ sales technique
  • 11. Commitment and Consistency & Cybersecurity … 1. Ask system users to “please watch out for” mistakes in security protocol. 2. Ask users to sign their names to a public promise to use security tools and practices.
  • 12. 3. Social Proof: We view a behavior as correct in a given situation to the degree that we can observe others performing it. “Fifty million Americans can’t be wrong ...” - Type of phrase often used in advertising copy
  • 13. Social Proof & Cybersecurity … 1. Display statistics or facts about security behaviors via a lock screen or new browser tab. 2. Crowdsource security tips, then publicize them to the work group. FACT: Carnegie Mellon University has not suffered a breach of payroll systems since adopting 2FA.
  • 14. 4. Liking: Our personal affinities are bound up in cooperation and compliance – and vice versa. “Flattery will get you everywhere.” - Mae West, 20th century movie actress - See also “Good Cop, Bad Cop”
  • 15. Liking & Cybersecurity … 1. Recruit a popular member of a workgroup as a helper and ally for InfoSec initiatives. 2. Set a group goal for security behaviors, with rewards for improvements.
  • 16. 5. Authority: We have an instinct to obey people who are presented to us as authority figures and/or experts. “The apparel oft proclaims the man.” - Polonius in Hamlet, William Shakespeare
  • 17. Authority & Cybersecurity … 1. Cite security experts or research to back up why you require a security tool or practice. 2. Train end users to avoid being tricked by fake authorities. You should be thinking right now: Is this a legitimate business card???
  • 19. 6. Scarcity: Limiting access to a resource (or seeming to) makes it more desirable. “Don’t wait! Last chance before they’re gone!” - Type of phrase often used in advertising copy
  • 20. Scarcity & Cybersecurity … 1. Frame the use of security tools or practices in terms of losses rather than benefits. 2. Avoid erratic enforcement that leads to revoking privileges from end users. 1 in 5 breaches can’t be prevented by implementing 2FA - I need to stay vigilant for hackers!
  • 21. Cialdini’s ‘Weapons of Influence’: 1. Reciprocation 2. Commitment and Consistency 3. Social Proof 4. Liking 5. Authority 6. Scarcity. Robert B. Cialdini. 2001 (4th ed.). Influence. A. Michel Port Harcourt.
  • 22. Works in Progress: ✖ Psychometric scale to help target end-user interventions by security sensitivity. ✖ “Security score” for end users. ✖ Game apps to simulate social actions and competition around security practices. ✖ Interviews with IT professionals about challenges for workgroups who share accounts and devices. ✖ Browser plugin to make crowd opinions about privacy & security settings observable.
  • 23. Das, Sauvik, "Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior" (2017). Dissertations. 982. http://repository.cmu.edu/dissertations/982. “Security Sensitivity” indicates an end user’s degree of receptiveness to advice and to using security tools and best practices in everyday life.
  • 24. Works in Progress: ✖ Psychometric scale to help target security interventions by readiness to change. ✖ “Security score” for end users. ✖ Game apps to simulate social actions and competition around security practices. ✖ Interviews with IT professionals about challenges for workgroups who share accounts and devices. ✖ Browser plugin to make crowd opinions about privacy & security settings observable.
  • 25. https://sijier.000webhostapp.com/
  • 26. Works in Progress: ✖ Psychometric scale to help target security interventions by readiness to change. ✖ “Security score” for end users. ✖ Game apps to simulate social actions and competition around security practices. ✖ Interviews with IT professionals about challenges for workgroups who share accounts and devices. ✖ Browser plugin to make crowd opinions about privacy & security settings observable.
  • 27. Try it at https://tinyurl.com/CrowdFBTool
  • 28. Cialdini’s ‘Weapons of Influence’: 1. Reciprocation 2. Commitment and Consistency 3. Social Proof 4. Liking 5. Authority 6. Scarcity. Any Questions? Partnership Ideas? You can find me at ● Email: heycori @cmu.edu ● Website: http://corifaklaris.com @heycori

Editor's Notes

  1. We are looking at how to apply Cialdini et al.’s social influence theory to problems in end-user cybersecurity, such as how your close friends influence your actions, or how your larger community or social network influences you.
  2. An example of Cialdini’s “social proof” concept in action is Facebook’s visual cues showing which of your “friends” have engaged with a recent post. These social cues nudge user behaviors such as posting more often to get the reward of social approval (and, maybe, nudge offline behaviors as well).
  3. https://sijier.000webhostapp.com/