Cyber-Security across the Life Span (cSaLSA)

整个生命周期的网络安全 (cSaLSA)

• 批准号: EP/P011454/1
• 负责人: Adam Joinson
• 金额: $ 67.84万
• 依托单位: University of Bath
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2017
• 资助国家: 英国
• 起止时间: 2017 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FP011454%2F1
• 关键词: Cyber; Security; across; Life; Span

Despite increased efforts to improve cyber-security for organisations and individuals, growing reports of breaches and attacks suggest that not only are we more vulnerable than ever, but also that there "is no obvious solution to the problem of cyber-security" (Garfinkel, 2012, p. 32). As technology has become embedded in virtually all aspects of everyday life, and more and more people are engaged in interactions with systems, it seems likely that the 'problem' of cyber-security will remain unsolved in the foreseeable future. While it has become accepted wisdom that cyber-security is a 'socio-technical' system, with both technical and human elements, making advances based on this understanding has proved difficult. In part this is due to the diversity of both people and the social contexts in which they live their lives, and the systems with which they interact. At the same time, the public discourse and guidance about cyber-security is confusing and often inappropriately targeted. For instance, the term 'cyber-security' can be used to encompass a wide range of attitudes, behaviours, technologies and threats ranging from authentication methods, SCADA systems, spear phishing and cyber-bullying, with interventions poorly targeted and overly technology-threat based. Crucially, however, the experience and understanding of the cyber-security problem is not the same for everyone and the cSALSA project seeks to address the fundamental challenge of how we can more fully understand a diverse range of cyber-security experiences, attitudes and behaviours in order to design better, more effective cyber-security services and educational materials. In the cSALSA project, we take a lifespan approach to studying how cyber-security is understood, and the attitudes and behaviours of people to cyber-security and risk. The project will study cyber-security across three main life stages - amongst young people, those of working age, and older people. The research project will focus on how people's attitudes and behaviours towards cyber-security and risk change across the lifespan in sync with their goals and aspirations, cognitive abilities and knowledge and ability to control and adapt their cyber-security behaviour. Importantly, we recognize that neither cyber-security related behaviours nor life course development occur in a vacuum. Rather, they are part of a complex inter-play of individual characteristics, elements shared with others in a particular life stage, and the dynamic context in which the person finds themselves. These contexts include aspects of family life, organizational structures, cognitive capacity and knowledge, and social support networks. We propose a three pronged approach to studying these three life stages: (1) research investigating how cyber-security is understood and framed in everyday language across the lifespan; (2) in-depth qualitative and quantitative work on cyber-security attitudes, knowledge and behaviour across our three points in life, with a specific focus on how the dynamics of people's lives influences how cyber-security is understood, risks appraised and talked about, and actions taken; and (3) specific work on metrics for cyber-security, and the development of new psychometrically validated measures of cyber-security perceptions and behaviours.

尽管加强了为组织和个人改善网络安全的努力，但越来越多的入侵和攻击报告表明，我们不仅比以往任何时候都更容易受到攻击，而且“网络安全问题没有明显的解决方案”(Garfinkel，2012，p.32)。随着技术几乎已经深入到日常生活的方方面面，越来越多的人参与到与系统的交互中，在可预见的未来，网络安全的“问题”似乎仍将得不到解决。尽管人们普遍认为，网络安全是一个既有技术因素又有人的“社会-技术”系统，但事实证明，在这种理解的基础上取得进展是困难的。这在一定程度上是由于人的多样性和他们生活的社会背景，以及他们与之互动的系统。与此同时，关于网络安全的公开言论和指导令人困惑，而且往往不适当地具有针对性。例如，“网络安全”一词可用于涵盖广泛的态度、行为、技术和威胁，从认证方法、SCADA系统、鱼叉式网络钓鱼和网络欺凌，干预措施针对性不强，过于依赖技术威胁。然而，至关重要的是，每个人对网络安全问题的体验和理解并不相同，cSALSA项目试图解决一个根本挑战，即我们如何能够更充分地了解各种网络安全经验、态度和行为，以便设计更好、更有效的网络安全服务和教育材料。在cSALSA项目中，我们采用生命周期的方法来研究如何理解网络安全，以及人们对网络安全和风险的态度和行为。该项目将研究三个主要生命阶段的网络安全-年轻人、工作年龄的人和老年人。该研究项目将侧重于人们对网络安全的态度和行为如何在整个生命周期内与他们的目标和抱负、认知能力以及控制和调整其网络安全行为的知识和能力同步变化。重要的是，我们认识到，与网络安全有关的行为或生命历程的发展都不是在真空中发生的。相反，它们是个人特征、在特定生命阶段与他人共享的元素以及个人发现自己所处的动态环境的复杂相互作用的一部分。这些背景包括家庭生活、组织结构、认知能力和知识以及社会支持网络等方面。我们提出了一个三管齐下的方法来研究这三个生命阶段：(1)研究如何在整个生命周期内用日常语言来理解和构建网络安全；(2)深入地定性和定量地研究我们生活中的三个阶段的网络安全态度、知识和行为，特别关注人们生活的动态如何影响如何理解网络安全、评估和谈论风险以及采取的行动；以及(3)关于网络安全度量的具体工作，以及开发新的心理测量学验证的网络安全感知和行为的测量方法。

项目成果

Development of a new 'human cyber-resilience scale'

开发新的“人类网络弹性量表”

• DOI: 10.1093/cybsec/tyad007
• 发表时间: 2023
• 期刊: Journal of Cybersecurity
• 影响因子: 3.9
• 作者: Joinson A

The assemblages of flagging and de-platforming against marginalised content creators

针对边缘化内容创作者的标记和去平台化组合

• DOI: 10.1177/13548565231218629
• 发表时间: 2023
• 期刊: The International Journal of Research into New Media Technologies
• 作者: Are C

What is 'Cyber Security'?

什么是“网络安全”？

• DOI: 10.1145/3290607.3312786
• 发表时间: 2019
• 作者: Jones S

Developing a measure of information seeking about phishing

制定有关网络钓鱼的信息搜索措施

• DOI: 10.1093/cybsec/tyaa001
• 发表时间: 2020
• 期刊: Journal of Cybersecurity
• 影响因子: 3.9
• 作者: Joinson A

How creators manage the risks and constraints of online hyper(in)visibility - Interview record

创作者如何管理在线超可见度的风险和限制 - 采访记录

• DOI: 10.25398/rd.northumbria.24985968
• 发表时间: 2024
• 作者: Are C