| EPSRC Reference: |
EP/P011829/1 |
| Title: |
Supporting Security Policy with Effective Digital Intervention (SSPEDI) |
| Principal Investigator: |
Collinson, Dr MJ |
| Other Investigators: |
|
| Researcher Co-Investigators: |
|
| Project Partners: |
|
| Department: |
Computing Science |
| Organisation: |
University of Aberdeen |
| Scheme: |
Standard Research |
| Starts: |
27 March 2017 |
Ends: |
25 October 2020 |
Value (£): |
756,644
|
| EPSRC Research Topic Classifications: |
| Artificial Intelligence |
Human-Computer Interactions |
| Psychology |
|
|
| EPSRC Industrial Sector Classifications: |
|
| Related Grants: |
|
| Panel History: |
| Panel Date | Panel Name | Outcome |
|
10 Nov 2016
|
Human Dimensions of Cyber Security
|
Announced
|
|
|
Summary on Grant Application Form |
The behaviour of people is known to be critical to the security of organizations across all sectors of the economy. As users of IT systems, their action, or inaction, can create cyber security vulnerabilities. For example, users can be tempted to give away their authentication credentials (by phishing), to install malign software (malware), choose weak or inadequate passwords, or they may fail to install security patches, to scan computers for viruses, or to make secure backups of critical data.
Organizations design security policies which users are supposed to follow, for example, instructing them not to give away their authentication (login) credentials, or not to open certain kinds of attachments sent in unsolicited emails. However, in practice, managers find it very difficult to encourage users to follow policy.
This project will investigate effective ways to improve security communications with users, to enable them to understand security risks, and to persuade them to comply with policy. Our hypothesis is that to be most effective, communications and policy implementations must take into account individual personalities and motivations. Technological support is therefore required to support security communications and security persuasion so that it can scale up to large organizations.
We propose to transfer ideas and knowledge from the existing academic field of persuasive technologies and digital behaviour interventions, and apply them to the user security compliance problem. We will build, and trial, real technologies that implement persuasive strategies in real user security scenarios. These scenarios will be selected in partnership with industrial security practitioners.
The project takes a broad, interdisciplinary view of the roots of the user compliance challenge, and draws additionally on expert knowledge from the fields of psychology, behavioural decision, security, sentiment analysis and argumentation in search of solutions.
|
|
Key Findings |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
|
Potential use in non-academic contexts |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
|
Impacts |
|
| Description |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk |
| Summary |
|
| Date Materialised |
|
|
|
|
Sectors submitted by the Researcher |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
| Project URL: |
|
| Further Information: |
|
| Organisation Website: |
http://www.abdn.ac.uk |