Keywords:  Cybersecurity Education and Training,

2016

The Security Behavior Observatory

Serge Egelman, Research Director, International Computer Science Institute, UC Berkeley
Alessandro Acquisti, Professor, Heinz College of Information Systems and Public Policy, Carnegie Mellon University
Lorrie Cranor, Director|Professor, CyLab Security and Privacy Institute, Carnegie Mellon University
Nicolas Christin, Associate Professor, School of Computer Science, Carnegie Mellon University
Rahul Telang, Professor, Heinz College of Information Systems and Public Policy, Carnegie Mellon University

Security issues often occur when there are disconnects between users’ understanding of their role in computer security and what is expected of them. To help users make better security decisions, we need insights into the daily challenges users face. We have developed the Security Behavior Observatory (SBO), a panel of participants consenting to our observing their daily computing behavior, so that we can understand what constitutes “insecure” behavior. By combining qualitative user interviews with quantitative system measurements from the SBO, we propose to undertake several studies that aim to precisely qualify what constitutes risky behavior. More specifically, we want to determine what are the specific actions users take that result in an insecure system, and why users undertake these actions in the first place. Ultimately, a better understanding of how users get infected could inform future policies towards unwanted software distribution, and can help us design more effective user-centered mitigations.