Despite increased efforts to improve cyber-security for organisations and individuals, growing reports of breaches and attacks suggest that not only are we more vulnerable than ever, but also that there "is no obvious solution to the problem of cyber-security" (Garfinkel, 2012, p. 32). As technology has become embedded in virtually all aspects of everyday life, and more and more people are engaged in interactions with systems, it seems likely that the 'problem' of cyber-security will remain unsolved in the foreseeable future. While it has become accepted wisdom that cyber-security is a 'socio-technical' system, with both technical and human elements, making advances based on this understanding has proved difficult. In part this is due to the diversity of both people and the social contexts in which they live their lives, and the systems with which they interact. At the same time, the public discourse and guidance about cyber-security is confusing and often inappropriately targeted. For instance, the term 'cyber-security' can be used to encompass a wide range of attitudes, behaviours, technologies and threats ranging from authentication methods, SCADA systems, spear phishing and cyber-bullying, with interventions poorly targeted and overly technology-threat based. Crucially, however, the experience and understanding of the cyber-security problem is not the same for everyone and the cSALSA project seeks to address the fundamental challenge of how we can more fully understand a diverse range of cyber-security experiences, attitudes and behaviours in order to design better, more effective cyber-security services and educational materials.
In the cSALSA project, we take a lifespan approach to studying how cyber-security is understood, and the attitudes and behaviours of people to cyber-security and risk. The project will study cyber-security across three main life stages - amongst young people, those of working age, and older people. The research project will focus on how people's attitudes and behaviours towards cyber-security and risk change across the lifespan in sync with their goals and aspirations, cognitive abilities and knowledge and ability to control and adapt their cyber-security behaviour. Importantly, we recognize that neither cyber-security related behaviours nor life course development occur in a vacuum. Rather, they are part of a complex inter-play of individual characteristics, elements shared with others in a particular life stage, and the dynamic context in which the person finds themselves. These contexts include aspects of family life, organizational structures, cognitive capacity and knowledge, and social support networks.
We propose a three pronged approach to studying these three life stages: (1) research investigating how cyber-security is understood and framed in everyday language across the lifespan; (2) in-depth qualitative and quantitative work on cyber-security attitudes, knowledge and behaviour across our three points in life, with a specific focus on how the dynamics of people's lives influences how cyber-security is understood, risks appraised and talked about, and actions taken; and (3) specific work on metrics for cyber-security, and the development of new psychometrically validated measures of cyber-security perceptions and behaviours.
|