Societal Computing Thesis Proposal

  • Remote Access - Zoom
  • Virtual Presentation
  • Ph.D. Student
  • Ph.D. Program in Societal Computing
  • Institute for Software Research, Carnegie Mellon University
Thesis Proposals

Measuring and increasing the reach of security information through online media

Awareness of security and privacy best practices is necessary for developing good security habits. Learning about real-world security incidents and data breaches can also alert people to the ways in which their information is vulnerable online, thus playing a significant role in encouraging safe security behavior. In addition to awareness, it is important for people to take action to improve the security of their systems, particularly in the wake of a security incident or data breach. Prior work studying awareness, comprehension, and likelihood of taking action has suggested that security and awareness is not widespread and that inclination to take security-enhancing actions only occurs under certain circumstances. However, prior work was largely conducted considering hypothetical scenarios. We do not have an empirical understanding of awareness and actions people actually take to enhance their digital security, for example, through measurable behaviors such as browsing or password habits, or gaining comprehension from online platforms such as social media.

In this thesis, we take steps towards (1) filling in the gap of a missing empirical understanding of engagement and action with security and privacy events through measurable behaviors; (2) understanding the effectiveness of social media as a platform for increasing the dissemination of security and privacy advice and for encouraging action; and (3) providing specific guidance for how security and privacy information can be shared on social media to encourage re-distribution and action. Through measurements of real-world browsing and password data, we first show that online engagement with content related to large-scale security and privacy incidents and constructive action after password breaches is rare. In understanding social media's effectiveness for discussing security and privacy, we find that discussions about security and privacy are scarce on Facebook and Twitter, interactions with this limited content have no relation to security behavior, and that when these topics are discussed, they are often not discussed constructively. Following this, we propose to shed light on how localized security and privacy information is within a social network, and on how security and privacy advice can be shared on social media such that they garner wider spread and effectiveness.

Thesis Committee:
Lujo Bauer (Chair)
Nicolas Christin
Timothy Libert
Apu Kapadia (Indiana University Bloomington)

Additional Proposal Information

Zoom Participation. See announcement.

For More Information, Please Contact: