UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

Measuring the Success of Context-Aware Security Behaviour Surveys

Becker, I; Parkin, S; Sasse, MA; (2017) Measuring the Success of Context-Aware Security Behaviour Surveys. In: The LASER Workshop: Learning from Authoritative Security Experiment Results. USENIX Association: Arlington, VA, USA. Green open access

[img]
Preview
Text
Laser_17_Survey_reflections_updated-final.pdf - ["content_typename_Published version" not defined]

Download (143kB) | Preview

Abstract

Background: We reflect on a methodology for developing scenario-based security behaviour surveys that evolved through deployment in two large partner organisations (A & B). In each organisation, scenarios are grounded in workplace tensions between security and employees’ productive tasks. These tensions are drawn from prior interviews in the organisation, rather than using established but generic questionnaires. Survey responses allow clustering of participants according to predefined groups. Aim: We aim to establish the usefulness of framing survey questions around active security controls and problems experienced by employees, by assessing the validity of the clustering. We introduce measures for the appropriateness of the survey scenarios for each organisation and the quality of candidate answer options. We use these scores to articulate the methodological improvements between the two surveys. Method: We develop a methodology to verify the clustering of participants, where 516 (A) and 195 (B) free-text responses are coded by two annotators. Inter-annotator metrics are adopted to identify agreement. Further, we analyse 5196 (A) and 1824 (B) appropriateness and severity scores to measure the appropriateness and quality of the questions. Results: Participants rank questions in B as more appropriate than in A, although the variations in the severity of the answer options available to participants is higher in B than in A. We find that the scenarios presented in B are more recognisable to the participants, suggesting that the survey design has indeed improved. The annotators mostly agree strongly on their codings with Krippendorff’s α\textgreater0.7. A number of clusterings should be questioned, although α improves for reliable questionsby 0.15 from A to B. Conclusions: To be able to draw valid conclusions from survey responses, the train of analysis needs to be verifiable. Our approach allows us to further validate the clustering of responses by utilising free-text responses. Further, we establish the relevance and appropriateness of the scenarios for individual organisations. While much prior research draws on survey instruments from research before it, this is then often applied in a different context; in these cases adding metrics of appropriateness and severity to the survey design can ensure that results relate to the security experiences of employees.

Type: Proceedings paper
Title: Measuring the Success of Context-Aware Security Behaviour Surveys
Event: LASER 2017
Location: Arlingon, VA
Dates: 18 October 2017 - 19 October 2017
Open access status: An open access version is available from UCL Discovery
Publisher version: https://www.usenix.org/conference/laser2017/presen...
Language: English
Additional information: This version is the version of record. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL > School of BEAMS
UCL > School of BEAMS > Faculty of Engineering Science
URI: http://discovery.ucl.ac.uk/id/eprint/10038352
Downloads since deposit
6Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item