EPSRC logo

Details of Grant 

EPSRC Reference: EP/P011829/1
Title: Supporting Security Policy with Effective Digital Intervention (SSPEDI)
Principal Investigator: Collinson, Dr MJ
Other Investigators:
Oren, Professor N Vasconcelos, Professor W Lin, Dr C
Masthoff, Professor J
Researcher Co-Investigators:
Project Partners:
Aberdeen City Council Eindhoven University of Technology National Grid
University of Trento University of Utah
Department: Computing Science
Organisation: University of Aberdeen
Scheme: Standard Research
Starts: 27 March 2017 Ends: 25 October 2020 Value (£): 756,644
EPSRC Research Topic Classifications:
Artificial Intelligence Human-Computer Interactions
Psychology
EPSRC Industrial Sector Classifications:
Information Technologies
Related Grants:
Panel History:
Panel DatePanel NameOutcome
10 Nov 2016 Human Dimensions of Cyber Security Announced
Summary on Grant Application Form
The behaviour of people is known to be critical to the security of organizations across all sectors of the economy. As users of IT systems, their action, or inaction, can create cyber security vulnerabilities. For example, users can be tempted to give away their authentication credentials (by phishing), to install malign software (malware), choose weak or inadequate passwords, or they may fail to install security patches, to scan computers for viruses, or to make secure backups of critical data.

Organizations design security policies which users are supposed to follow, for example, instructing them not to give away their authentication (login) credentials, or not to open certain kinds of attachments sent in unsolicited emails. However, in practice, managers find it very difficult to encourage users to follow policy.

This project will investigate effective ways to improve security communications with users, to enable them to understand security risks, and to persuade them to comply with policy. Our hypothesis is that to be most effective, communications and policy implementations must take into account individual personalities and motivations. Technological support is therefore required to support security communications and security persuasion so that it can scale up to large organizations.

We propose to transfer ideas and knowledge from the existing academic field of persuasive technologies and digital behaviour interventions, and apply them to the user security compliance problem. We will build, and trial, real technologies that implement persuasive strategies in real user security scenarios. These scenarios will be selected in partnership with industrial security practitioners.

The project takes a broad, interdisciplinary view of the roots of the user compliance challenge, and draws additionally on expert knowledge from the fields of psychology, behavioural decision, security, sentiment analysis and argumentation in search of solutions.
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.abdn.ac.uk