CICI: USCC: Supporting Scientists as End-Users in Managing Security and Privacy

CICI：USCC：支持科学家作为最终用户管理安全和隐私

• 批准号: 2232863
• 负责人: Michelle Mazurek
• 金额: $ 60万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-06-01 至 2026-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2232863&HistoricalAwards=false
• 关键词: CICI; USCC; Supporting; Scientists; End

Scientific users are experts in their chosen fields, but may not be experts in computing in general or in security and privacy specifically.This research investigates scientific end-users, defined broadly, as a specialized user group in need of specific, targeted support for managing security and privacy of computing systems during their scientific endeavors. The goal of this work is to evaluate and improve end-user tools and processes for scientists managing security and privacy for their labs, by answering the following research questions: How do scientists think about security and privacy for their computing and data resources? What tools do scientists regularly use, and how do they enable or inhibit good security and privacy practices? And, how can the current situation be improved through better guidance and new standards, tools, or processes? This project enables improvements in security and privacy tools and processes for scientific workflows and develops workshops and guidance documents specifically targeted at scientists.This project uses surveys, interviews, document review, cognitive walkthroughs, and ethnographic embedding to investigate how scientists currently learn about and execute security- and privacy-relevant behaviors for their equipment and data. These studies are designed to gain insight into current tools and practices, as well as organizational incentives and barriers that affect security and privacy outcomes, in order to provide actionable improvements.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

科学用户是他们所选择的领域的专家，但可能不是一般的计算专家，也不是安全和隐私方面的专家。本研究调查了科学最终用户，广义上定义，作为一个专门的用户群体，需要特定的，有针对性的支持，在他们的科学工作过程中管理计算系统的安全和隐私。这项工作的目标是通过回答以下研究问题来评估和改进最终用户工具和流程，以便科学家管理其实验室的安全和隐私：科学家如何看待其计算和数据资源的安全和隐私？科学家经常使用哪些工具，它们如何实现或抑制良好的安全和隐私实践？此外，如何通过更好的指导和新的标准、工具或流程来改善目前的状况？该项目旨在改进科学工作流程的安全和隐私工具和流程，并专门针对科学家开发研讨会和指导文件。该项目使用调查、访谈、文件审查、认知步行和人种学嵌入来调查科学家目前如何了解和执行其设备和数据的安全和隐私相关行为。这些研究旨在深入了解当前的工具和实践，以及影响安全和隐私结果的组织激励和障碍，以便提供可操作的改进。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。