I discuss some research that empirically illustrates the connection between social influences and security behaviors. I presented this talk at Enigma 2018.
2. How can we design systems that encourage better cybersecurity behaviors?
3.
4. What makes people…
…use a PIN on their phone?
…enable two-factor authentication?
…keep their software updated?
…behave “securely”?
5. “I started using [a PIN] because everyone around me had a [PIN] so I kind of felt a group pressure to also use a [PIN].”
6. “One of my boys wanted to use my phone…so I gave them my passcode. And not that I have anything that I don’t care for them to see or anything, but after they did that then I changed it”
7. “my friends...have a lot of different accounts, the same as me. But they didn’t get into any trouble. So I think maybe it will not be dangerous [to reuse passwords].”
8. A lot of it is social.
Security behavior, like any human behavior, is largely driven by social influence.
10. Absent knowledge of how security and social behaviors interact, we have little hope of doing better
11. Measuring Social Influence In Security Behaviors: Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool, which affects its potential for social spread.
Improving Security Behaviors with Social Influence: Making cybersecurity systems more social can encourage better security behaviors.
12. Social influences strongly affect cybersecurity
behaviors, and we can encourage better behaviors
by designing more social cybersecurity systems.
14. MEASURING SOCIAL INFLUENCE IN
SECURITY BEHAVIORS
Das, S., Kramer, A., Dabbish, L., and Hong, Jason I. The Role of Social Influence in Security
Feature Adoption. Proc. CSCW’15.
15. Login Notifications, Login Approvals, Trusted Contacts
Analyzed how the (non-)use of three optional security tools was affected by friends' use of those tools for 1.5 million Facebook users' social networks.
Standard Social
16. DATA COLLECTED
750k users who newly adopted one of the aforementioned security tools.
750k “use-nots” who had not adopted one of the aforementioned security tools.
18. MATCHED PROPENSITY SAMPLING
For a given security tool, empirically select exposure levels to friends who use that tool, e.g., 1%, 5%, 10%...
For each exposure level, compare the adoption rate of those who are exposed versus those who are not. This is the effect of social influence.
Aral, S., Muchnik, L., and Sundararajan, A. Distinguishing influence-based contagion from homophily-driven diffusion in dynamic networks. PNAS 106 (51). 2009.
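The comparison on slide 18, as an added example that is not from the talk or the cited papers: it compares adoption among exposed users with unexposed users of the same stratum, next to the unmatched difference. The user records are constructed, and exact matching on a hypothetical `stratum` label is swapped in here for a fitted propensity model.

```python
from collections import defaultdict

# Constructed sample, not data from the study: (stratum, exposure, adopted).
# "stratum" is a hypothetical stand-in for the covariates a propensity model
# balances on; exposure is the share of a user's friends who use the tool.
USERS = [
    ("security_minded", 0.12, 1), ("security_minded", 0.12, 1),
    ("security_minded", 0.12, 1), ("security_minded", 0.12, 0),
    ("security_minded", 0.00, 1), ("security_minded", 0.00, 0),
    ("other", 0.12, 1), ("other", 0.12, 0), ("other", 0.06, 0),
    ("other", 0.00, 1), ("other", 0.00, 0), ("other", 0.00, 0), ("other", 0.00, 0),
    ("new_account", 0.12, 1),  # no unexposed peer in this stratum
]

def split(users, level):
    """Group adoption outcomes by stratum for exposed and unexposed users."""
    exposed, unexposed = defaultdict(list), defaultdict(list)
    for stratum, exposure, adopted in users:
        (exposed if exposure >= level else unexposed)[stratum].append(adopted)
    return exposed, unexposed

def naive_effect(users, level):
    """Unmatched difference in adoption rate, in percentage points."""
    exposed, unexposed = split(users, level)
    e = [a for group in exposed.values() for a in group]
    u = [a for group in unexposed.values() for a in group]
    if not e or not u:
        return None
    return 100.0 * (sum(e) / len(e) - sum(u) / len(u))

def matched_effect(users, level):
    """Difference in adoption rate against unexposed users of the same stratum."""
    exposed, unexposed = split(users, level)
    weighted, matched = 0.0, 0
    for stratum, treated in exposed.items():
        controls = unexposed.get(stratum)
        if not controls:
            continue  # nobody comparable to match against: drop the stratum
        diff = sum(treated) / len(treated) - sum(controls) / len(controls)
        weighted += len(treated) * diff
        matched += len(treated)
    return 100.0 * weighted / matched if matched else None

if __name__ == "__main__":
    for level in (0.05, 0.10):
        print(level, naive_effect(USERS, level), matched_effect(USERS, level))
```

On this sample the unmatched difference is larger than the matched one at both levels, because the stratum that adopts more is also the one with more exposed users.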
19. [Chart: difference in adoption rate (y-axis, 0 to 50) against exposure to friends who use given security tool (x-axis, levels E1 to E5)]
20. [Same chart, with series: No effect]
21. [Same chart, with series: No effect, Expected effect]
22. [Same chart, with series: No effect, Expected effect, Trusted Contacts]
23. [Same chart, y-axis extended to -50 to 50, with series: No effect, Expected effect, Trusted Contacts, Login Approvals]
24. [Same chart, with series: No effect, Expected effect, Trusted Contacts, Login Approvals, Login Notifications]
What’s going on here?
30. Measuring Social
Influence In
Security Behaviors
Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool, which affects its potential for social spread.
Improving Security
Behaviors with
Social Influence
31. IMPROVING SECURITY BEHAVIORS WITH
SOCIAL INFLUENCE
Das, S., Kramer, A., Dabbish, L., and Hong, Jason I. Increasing Security Sensitivity With Social
Proof: A Large-Scale Experimental Confirmation. Proc. CCS’14.
38. DESCRIPTIVE STATS
46,235 (93%) logged in and saw announcement
5,971 (13%) clicked on an announcement
1,873 (4%) adopted one of the promoted tools within 7 days
4,555 (10%) adopted one of the promoted tools within 5 months
39. [Chart: 7d adoptions, 5m adoptions and click-through rate by condition (Raw #, Some, Over #, Only #, Over %, Only %, Raw %, Control)]
Raw # vs Control: 1.36x improvement in CTR, 1.10x improvement in adoptions
40. Measuring Social
Influence In
Security Behaviors
Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool, which affects its potential for social spread.
Improving Security
Behaviors with
Social Influence
Making cybersecurity systems more social
can encourage better security behaviors.
41. How can we design systems that
encourage better cybersecurity
behaviors?
42. There is a fruitful but largely untapped opportunity to improve cybersecurity behaviors by making social systems that are more:
Observable, Cooperative, Stewarded
43. OBSERVABLE
How can we make it easier for people to observe and emulate good security behaviors?
44. COOPERATIVE
How can we design additive security systems that make group security a sum instead of a min function?
45. STEWARDED
How can we design systems that allow people to act on their concern for the security of their loved ones?
46. Social influences strongly affect cybersecurity
behaviors, and we can encourage better behaviors
by designing more social cybersecurity systems.
SOCIAL CYBERSECURITY
Reshaping Security Through An Empirical Understanding of Human
Social Behavior
Sauvik Das
Georgia Tech
sauvik@gatech.edu
@scyrusk