Survey Information Collection
Explain who will be surveyed and why the group is appropriate to survey.
The Information Access Division (IAD), of the Information Technology Laboratory (ITL), at the National Institute of Standards and Technology (NIST) is leading this information collection.
Human-centered security research considers the human, social, and organizational factors – and the interactions between them – related to security processes, technologies, products, policies, etc. The purpose of this survey is to understand current human-centered security researcher-practitioner interaction points and associated challenges throughout the entire research lifecycle. Study insights can inform the creation of bridges between human-centered security researchers and cybersecurity practitioners that result in research that is more relevant and actionable to practitioners. Therefore, it is necessary and appropriate to survey people who conduct human-centered security research to learn about their interactions with practitioners and how practitioners inform their research design, analysis, and outputs.
NIST will survey 150 human-centered security researchers. The information being requested is not available from public sources as this is the first study to focus on research-practice interactions for this specific research domain. A copy of the recruitment text to be used has been uploaded into ROCIS for review.
2. Explain how the survey was developed including consultation with interested
parties, pretesting, and responses to suggestions for improvement.
The survey questions were developed and refined based on the following: 1) prior research identifying research-practice gaps in human-computer interaction, cybersecurity, and other domains and 2) discussions with human-centered security researchers about their own challenges interacting with practitioners throughout the research lifecycle and producing practitioner-focused outputs.
The survey questions were reviewed by two human-centered security researchers to ensure the language and questions were appropriately tailored for the study population. Feedback from the reviewers was incorporated in the final survey instrument.
3. Explain how the survey will be conducted, how customers will be sampled if
fewer than all customers will be surveyed, expected response rate, and actions
your agency plans to take to improve the response rate.
NIST will conduct an anonymous survey online using the Qualtrix survey platform.
For recruitment purposes, NIST is compiling a list of researchers who have authored human-centered security papers at cybersecurity or human-computer interaction conferences from the past three years. These researchers will be invited to complete the survey via email. NIST will also advertise the survey on mailing lists and social media accounts targeted at individuals conducting human-centered security research.
To meet the survey criteria, participants must be 18 years or older and have conducted human-centered security research. If eligible and choosing to participate, they will select the survey link to begin the survey. On the first screen of the survey, they will be able to view the NIST study information sheet (attached).
The survey includes 33 questions, including basic demographic information such as number of years of research experience and type of organization. Screenshots are being uploaded for review. The survey will take 12 minutes to complete. The survey will be closed once 150 respondents complete the survey.
Total burden hours: 150 respondents x 12 minutes per response = 30 burden hours.
The survey is human subjects exempt research. We are only collecting high-level demographic information and all collected data are anonymized. As stated in the provided Information Sheet, to maintain participant confidentiality, no identifiers, data, or information are collected that can be traced back to participants. Individual responses will be assigned an anonymous reference code. NIST will not create or keep a list that links the response reference codes to specific participants.
4. Describe how the results of the survey will be analyzed and used to generalize
the results to the entire customer population.
Data analysis will be conducted by NIST researchers. Analysis will consist of summary statistics (e.g., averages, frequencies) as well as inferential statistical tests to compare data based on sub-groups of researchers (type of organization, region, whether they also have prior practitioner experience).
The survey results may be generalizable to the human-centered security researcher population if sufficient statistical power is reached. For exploring 3 possible predictors (type of organization, region, whether they also have prior practitioner experience) for a medium effect size with a power of 0.8 and significance level of alpha = 0.05, a sample size of at least 77 is needed.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | PAPERWORK REDUCTION ACT |
Author | pboyd |
File Modified | 0000-00-00 |
File Created | 2024-07-20 |