Bhagavatula_Sruti.pdf (1.03 MB)
Download file

Measuring and Increasing the Reach of Security Information Through Online Media

Download (1.03 MB)
thesis
posted on 04.11.2021, 21:09 by Sruti BhagavatulaSruti Bhagavatula
With the growing number of technologies that have developed over the past several years and the similarly growing number of cyber attacks, people should ideally
be aware of how to keep their information and systems safe. In general, awareness of security and privacy best practices is important for developing good security habits. Learning about real-world security incidents and data breaches can also alert people to the ways in which their information is vulnerable online, thus playing a significant role in encouraging safe security behavior online. In addition to awareness, it is important for people to take action to improve the security of their systems, particularly in the wake of a security incident or data breach. While prior work has been able to study problems about security awareness and incidents within a broad scope due to the affordances of self-reported methodologies, such studies largely relied on
hypothetical or experimental scenarios. In this thesis, we take steps towards (1) filling in the gap of a missing empirical understanding of engagement and action with security and privacy events through measurable behaviors, (2) understanding the effectiveness of social media as a platform for increasing the dissemination of security and privacy advice and for encouraging action, and (3) providing specific guidance for how security and privacy information
may be shared on social media to encourage engagement and re-distribution. Through measurements of real-world browsing and password data, we first show that online engagement with content related to large-scale security and privacy incidents is rare and that very few factors may encourage people to try to read more about incidents. We then show, by specifically analyzing password data, that people rarely take action after password breaches, much less action that is constructive, even when the breach definitely affected them. In understanding social media’s effectiveness for disseminating security and privacy information, we find that discussions about security and privacy are scarce on Facebook and Twitter and that when these topics are discussed, they are often not discussed constructively. Finally, by analyzing Reddit posts about security and privacy, we identify and shed light on how
security and privacy information may be shared on social media such that it garners wider spread and effectiveness.

History

Date

28/09/2021

Degree Type

Dissertation

Department

Institute for Software Research

Degree Name

  • Doctor of Philosophy (PhD)

Advisor(s)

Lujo Bauer