Getting Users Smart Quick about Security: Results from 90 Minutes of
Using a Persuasive Toolkit for Facilitating Information Security Problem
Solving by Non-Professionals
- URL: http://arxiv.org/abs/2209.02420v1
- Date: Tue, 6 Sep 2022 11:37:21 GMT
- Authors: Martin Ruskov, Paul Ekblom, M. Angela Sasse
- Abstract summary: A balanced level of user engagement in security is difficult to achieve due to difference of priorities between the business perspective and the security perspective.
We have developed a persuasive software toolkit to engage users in structured discussions about security vulnerabilities in their company.
In the research reported here we examine how non-professionals perceived security problems through a short-term use of the toolkit.
- Score: 2.4923006485141284
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: There is a conflict between the need for security compliance by users and the
fact that commonly they cannot afford to dedicate much of their time and energy
to that security. A balanced level of user engagement in security is difficult
to achieve due to difference of priorities between the business perspective and
the security perspective. We sought to find a way to engage users minimally,
yet efficiently, so that they would both improve their security awareness and
provide necessary feedback for improvement purposes to security designers. We
have developed a persuasive software toolkit to engage users in structured
discussions about security vulnerabilities in their company and potential
interventions addressing these. In the toolkit we have adapted and integrated
an established framework from conventional crime prevention. In the research
reported here we examine how non-professionals perceived security problems
through a short-term use of the toolkit. We present perceptions from a pilot
lab study in which randomly recruited participants had to analyze a crafted
insider threat problem using the toolkit. Results demonstrate that study
participants were able to successfully identify causes, propose interventions
and engage in providing feedback on proposed interventions. Subsequent
interviews show that participants have developed greater awareness of
information security issues and the framework to address these, which in a real
setting would lead ultimately to significant benefits for the organization.
These results indicate that when well-structured such short-term engagement is
sufficient for users to meaningfully take part in complex security discussions
and develop in-depth understanding of theoretical principles of security.
Related papers
- Open Problems in Machine Unlearning for AI Safety [61.43515658834902]
Machine unlearning -- the ability to selectively forget or suppress specific types of knowledge -- has shown promise for privacy and data removal tasks.
In this paper, we identify key limitations that prevent unlearning from serving as a comprehensive solution for AI safety.
(2025-01-09T03:59:10Z)
- Agent-SafetyBench: Evaluating the Safety of LLM Agents [72.92604341646691]
We introduce Agent-SafetyBench, a comprehensive benchmark to evaluate the safety of large language models (LLMs).
Agent-SafetyBench encompasses 349 interaction environments and 2,000 test cases, evaluating 8 categories of safety risks and covering 10 common failure modes frequently encountered in unsafe interactions.
Our evaluation of 16 popular LLM agents reveals a concerning result: none of the agents achieves a safety score above 60%.
(2024-12-19T02:35:15Z)
- Multimodal Situational Safety [73.63981779844916]
We present the first evaluation and analysis of a novel safety challenge termed Multimodal Situational Safety.
For an MLLM to respond safely, whether through language or action, it often needs to assess the safety implications of a language query within its corresponding visual context.
We develop the Multimodal Situational Safety benchmark (MSSBench) to assess the situational safety performance of current MLLMs.
(2024-10-08T16:16:07Z)
- Trust, but Verify: Evaluating Developer Behavior in Mitigating Security Vulnerabilities in Open-Source Software Projects [0.11999555634662631]
This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects.
We have identified common issues in outdated or unmaintained dependencies, that pose significant security risks.
Results suggest that reducing the number of direct dependencies and prioritizing well-established libraries with strong security records are effective strategies for enhancing the software security landscape.
(2024-08-26T13:46:48Z)
- Enhancing Security Awareness Through Gamified Approaches [0.21990652930491858]
Gamification is a new concept in the field of information security awareness training (SAT) campaigns.
This paper examines the effectiveness of Gamification in promoting security awareness among smart meter components for smart grid users/operators.
It can be demonstrated that the scores of participants in the three levels have improved by 40%, 35% and 29%, respectively.
(2024-04-13T17:32:05Z)
- The Art of Defending: A Systematic Evaluation and Analysis of LLM Defense Strategies on Safety and Over-Defensiveness [56.174255970895466]
Large Language Models (LLMs) play an increasingly pivotal role in natural language processing applications.
This paper presents Safety and Over-Defensiveness Evaluation (SODE) benchmark.
(2023-12-30T17:37:06Z)
- The Last Decade in Review: Tracing the Evolution of Safety Assurance Cases through a Comprehensive Bibliometric Analysis [7.431812376079826]
Safety assurance is of paramount importance across various domains, including automotive, aerospace, and nuclear energy.
The use of safety assurance cases allows for verifying the correctness of the created systems capabilities, preventing system failure.
(2023-11-13T17:34:23Z)
- Communicating on Security within Software Development Issue Tracking [0.0]
We analyse interfaces from prominent issue trackers to see how they support security communication and how they integrate security scoring.
Users in our study were not comfortable with CVSS analysis, though were able to reason in a manner compatible with CVSS.
This suggests that adding improvements to communication through CVSS-like questioning in issue tracking software can elicit better security interactions.
(2023-08-25T16:38:27Z)
- Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
Safety assurance cases (SACs) can be challenging to maintain during system evolution.
We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models.
We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
(2023-07-14T16:03:27Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
(2020-10-19T13:09:31Z)
- Surveying Vulnerable Populations: A Case Study of Civil Society Organizations [9.467149414264039]
We conducted an anonymous online survey with 102 CSO employees to collect information about their perceived risks of different security and privacy threats.
We uncovered several issues with our methodology, including the length of the survey, the framing of the questions, and the design of the recruitment email.
We hope that the discussion presented in this paper will inform and assist researchers and practitioners working on understanding and improving the security and privacy of CSOs.
(2020-03-19T05:30:21Z)
This list is automatically generated from the titles and abstracts of the papers in this site.