Human Factors of Cybersecurity and Privacy

My specific research area is the human factors of cybersecurity and privacy. This primarily includes an examination of human behavior as it relates to cybersecurity and privacy, whether in a personal setting or organizational context. The research problems I have explored have fallen into five general categories: 1) Psychological Factors; 2) Usable Security and Privacy; 3) Education, Training, and Awareness; 4) Methods and Measurements, and 5) Tools and Frameworks.

Psychological Factors

My primary research project has been an examination of psychological factors and risk perceptions. The progression of this project over the years has evolved to both a deeper and more meaningful understanding of how our risk perceptions are influenced by psychological factors. In addition to my primary project that examines risk and psychological factors in the context of the human factors of cybersecurity and privacy, a secondary project of mine examines psychological factors and social networking. The primary research that I am currently conducting in this area involves an examination of fear appeals, including both their efficacy and the ethics associated with their use, with my collaborator Karen Renaud.

Usable Security and Privacy

A secondary part of my research program has examined usable security and privacy. The project in this secondary area involves the examination of passwords and how to make them both easier and stronger. Efforts on this project originally began with an examination of visual passwords and has evolved to an exploration of password meters.

Education, Training, and Awareness

A less prominent part of my research program has examined the use of cybersecurity education, training, and awareness to effectuate positive behavioral change.

Methods and Measurements

Periodically, I conduct research that develops instrumentation or assesses the efficacy of certain methods. While this is not a prominent part of my research program, I do believe it makes an important contribution since others may gain important knowledge and resources that may help inform their own research programs.

Tools and Frameworks

Some of my research has involved the examination of tools and frameworks that may be used by organizations and consumers to improve their efficiency, security, and understanding of the cybersecurity threats that exist. The work has been important and in many respects novel to current practices.