SaTC: EDU: Collaborative: Personalized Cybersecurity Education and Training

SaTC：EDU：协作：个性化网络安全教育和培训

• 批准号: 1918591
• 负责人: Shelia Kennison
• 金额: $ 27.49万
• 依托单位: Oklahoma State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-07-01 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1918591&HistoricalAwards=false
• 关键词: SaTC; EDU; Collaborative; Personalized; Cybersecurity

The average citizen is often unaware of common strategies to protect themselves from cybersecurity threats. Consequently, large numbers of computer users are vulnerable to lapses in security from actions such as choosing weak passwords, clicking on phishing links, opening attachments from unknown senders, ignoring security warnings on devices, and falling victim to social engineering or identity theft. Although there have been many studies on training and educating people on cybersecurity best practices, the fact that these vulnerabilities are still being exploited imply that current training is not effective for all users. The objective of this project is to effectively educate the average user about common cybersecurity threats so that they are not vulnerable to these types of attacks. The project will create new education modules that are personalized to each user, building on the fact that different users have different personalities and may react to threats in different ways. The result could be more cybersecurity-aware citizens, which could reduce the number of "easy" hacks and cyber thefts. It has already been shown that different models are needed to effectively educate individuals with different personality traits and learning behaviors. There is no "one-size-fits-all" model. The researchers' aims are to 1) increase cybersecurity compliance with schema matching messages, and 2) develop and evaluate the effectiveness of cybersecurity education modules. The researchers have shown that individual differences in personality traits can be used to predict cybersecurity perceptions and practices. The research will classify personalities through analysis of the language of social media. Personalized cybersecurity education modules will then be developed and evaluated. Users' personalities will be assigned based on the "True Colors" Personality Categories, which are based on the Myers-Briggs personality categories, and the Big Five Personality traits. This personalized education module approach could be applied in other areas such as management, teaching, and safety training. Moreover, users will become more security-aware which could lead to a reduction in cybersecurity breaches.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

普通公民往往不知道保护自己免受网络安全威胁的常见策略。 因此，大量计算机用户容易受到安全漏洞的影响，例如选择弱密码，点击网络钓鱼链接，打开来自未知恶意软件的附件，忽略设备上的安全警告，以及成为社会工程或身份盗窃的受害者。虽然有许多关于培训和教育人们了解网络安全最佳做法的研究，但这些漏洞仍被利用的事实意味着目前的培训对所有用户都无效。 该项目的目标是有效地教育普通用户了解常见的网络安全威胁，使他们不容易受到这些类型的攻击。 该项目将创建针对每个用户个性化的新教育模块，并建立在不同用户具有不同个性并可能以不同方式对威胁作出反应的基础上。 其结果可能是更多的网络安全意识的公民，这可能会减少“容易”的黑客攻击和网络盗窃的数量。已经表明，需要不同的模式来有效地教育具有不同个性特征和学习行为的个人。没有“一刀切”的模式。研究人员的目标是：1）通过模式匹配消息提高网络安全合规性，2）开发和评估网络安全教育模块的有效性。研究人员已经证明，个性特征的个体差异可以用来预测网络安全的认知和实践。该研究将通过分析社交媒体的语言来对个性进行分类。然后将开发和评估个性化的网络安全教育模块。用户的个性将根据“真实色彩”个性类别进行分配，这些类别基于迈尔斯-布里格斯个性类别和五大个性特征。这种个性化的教育模块方法可以应用于其他领域，如管理，教学和安全培训。此外，用户将变得更加安全意识，这可能会导致网络安全漏洞的减少。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Impact of Personality Types and Matching Messaging on Password Strength

个性类型和匹配消息对密码强度的影响

• DOI: 10.4108/eai.1-6-2021.170012
• 发表时间: 2021
• 期刊: ICST Transactions on Security and Safety
• 作者: Bakas, Anna;Wagner, Anne;Johnston, Spencer;Kennison, Shelia;Chan-Tin, Eric
• 通讯作者: Chan-Tin, Eric