Supporting Statement
Explain who will be surveyed and why the group is appropriate to survey.
The Visualization and Usability Group (VUG) of the Information Technology Laboratory (ITL), National Institute of Standards and Technology (NIST), is conducting an in-depth interview study of user’s perceptions of online security. The intent is to recruit 150 participants, for which participants will be grouped into three categories according to exposure to security controls.
The low exposure group will have minimal experience with e-mail programs and search tools. The medium exposure group will have experience with email, on-line shopping, and social networking. High exposure groups will have experience with exposure to more security controls (e.g., medium exposure and online banking and bill paying and configuration and administration of computer system).
The purpose of this project is to investigate user’s perceptions of online security, and to determine their self assessment of security knowledge, their knowledge and awareness of security terms, and their familiarity with security icons/images. VUG believe that by collecting this data they can identify and describe user’s security mental models. Understanding these mental models will assist us in identifying training needs and any limitations of current training programs.
2. Explain how the survey was developed including consultation with interested
parties, pretesting, and responses to suggestions for improvement.
The questionnaires developed are based on standard templates used by the NIST usability group. Similar background questions have been used in several previous studies. The in-depth perceptions of online security questionnaire are composed of questions from other peer reviewed research and most recently by our usability group in password research currently under way.
3. Explain how the survey will be conducted, how customers will be sampled if
fewer than all customers will be surveyed, expected response rate, and actions
your agency plans to take to improve the response rate.
Prior to the interview, each participant will have given informed consent to participate in the research study. After providing their participation consent, each participant will complete the demographic information survey questions. Participants will then begin answering the in-depth interview questions of online security. The instrument is intended to be an interview rather than in written form. Thus, although the questions seem to have simple and straightforward answers, when testing the instrument in the dry run VUG found that people like to explain and provide context with their answers and were very detailed in their explanations. While VUG could have curtailed this discussion, this context is critical to our understanding of the user’s perception of online security. The survey is estimated to take one hour to complete.
The expected response rate will be 100% since each participant will complete the survey as it is administered by NIST usability staff.
4. Describe how the results of the survey will be analyzed and used to generalize
the results to the entire customer population.
VUG intend to compare the participant responses across exposure groups. It hypothesize that participants who are exposed to different security requirements (e.g., online banking and bill paying, online shopping) may have higher levels of awareness and understanding of security requirements and terminology. We will compare the qualitative responses across groups and demographics to identify types of security mental models. From these mental models we hope to identify training and education techniques that will assist users in understanding the sometimes confusing and mentally taxing security domain.
| File Type | application/msword |
| Author | dyonder |
| Last Modified By | gbanks |
| File Modified | 2010-08-26 |
| File Created | 2010-08-26 |