Cybersecurity Definitions Interview Protocol
First, I’d like to ask you about your use and familiarity with technology and our topic today, cybersecurity.
Can you tell me about the technology you regularly interact with?
What devices do you use, and how often do you use them?
How comfortable do you feel using your technology?
Let’s talk about cybersecurity. How familiar are you with that first part of the word cybersecurity: the term “cyber?” What do you think cyber means?
How familiar are you with the concept of cybersecurity?
Would you describe yourself as having little knowledge, moderate knowledge, or expert knowledge about cybersecurity?
Can you tell me about why you chose _____ [their choice]?
How would you explain what cybersecurity is to a friend?
Now, I’m going to ask you to provide your own definition of cybersecurity. This is just a short sentence or phrase that answers the question “what is cybersecurity?” Coming up with a definition on-the-spot might be difficult or a bit intimidating, so please just try your best and don’t worry about how eloquent your definition is. Again, we’re not looking for perfect or 100% correct answers; we just want to know what you think cybersecurity is. So, if you were to give a definition of cybersecurity in about one sentence, what would it be?
*Based on previous answer: alternative wording
Would that be how you define cybersecurity?
Will you summarize your explanation into a definition of cybersecurity?
How do you feel your understanding of cybersecurity compares to your definition of cybersecurity?
*Alternative wording:
In other words, do you feel that you understand cybersecurity better than you have defined it? If so, why do you think that is?
How does cybersecurity play a role in your everyday life?
In what ways do you practice cybersecurity personally?
Have you ever had any negative experiences related to cybersecurity?
Probes:
Have you ever been a victim of a cyber attack? If so, can you tell me a little about what happened?
What negative experiences, if any, have you had trying to implement cybersecurity?
Now I’m going to ask you about your thoughts and reactions to some representative definitions of cybersecurity we found through a Google search. These definitions are not necessarily the “best” definitions of cybersecurity; cybersecurity has been defined in many ways by many different sources. Remember, we are interested in your initial understanding and thoughts. I’m going to share my screen now, so you can see the definitions as we discuss them.
Definition 1:
Let’s look at the first definition together. I’ll read it aloud as you follow along: the process of limiting malicious attacks through good security processes, training, and securing computer networks, systems, devices and any other digital applications
I’ll give you a moment to process and look over the definition again. Let me know when you are done reading it and feel ready to talk about it. I’ll leave the definition up on the screen as we talk.
Continue when the participant indicates they are ready
What are your initial thoughts about this definition?
Probes:
What do you like or dislike about this definition?
Now we’re going to go a little deeper into this definition and look at some specific phrases.
[TIP: Adjust the questions below if they were already discussed in the responses to the prior set of questions. For example, if the participant mentioned that they don’t know what “malicious attack” means, skip the question below on what they think that term means. Instead say “You mentioned that you didn’t understand what malicious attacks were. Do you have any other thoughts you’d like to share about the term?”]
First, let’s look at the phrase “malicious attacks.”
What do you think this means?
Can you think of some examples of the malicious attacks that are being referred to in this definition?
Are there other types of issues that cybersecurity addresses that you may not consider to be malicious? [If yes:] Can you think of some examples of these other issues?
Now, let’s take a closer look at: “computer networks, systems, devices and any other digital applications.”
Can you think of some specific examples of what might be included in networks, systems, devices, or digital applications?
Probe: What do you think digital applications are?
Finally, let’s look at the last part of the definition in its entirety: “good security processes, training, and securing computer networks, systems, devices and any other digital applications.”
What do you think the processes refer to? What are some examples?
What kinds of training might this definition refer to?
What are some examples of ways in which networks, systems, devices, and applications can be secured?
How does this definition affect your understanding of cybersecurity?
Probe: How does this definition enhance or change your understanding of cybersecurity, if at all?
Would you recommend this definition of cybersecurity to a friend or family member who wants to understand cybersecurity? Why or why not?
Definition 2:
Now, we’ll look at one more definition in detail. I’ll read it aloud and post it on the screen for you to follow along: an approach or series of steps to prevent or manage the risk of damage to, unauthorized use of, exploitation of, and—if needed—to restore electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity, and availability of these systems.
I’ll give you a moment to process and look over the definition again. Let me know when you are done reading it and feel ready to talk about it.
Continue when the participant indicates they are ready
What are your initial thoughts about this definition?
Probes:
What do you like or dislike about this definition?
Just like we did for the first definition, we’re going to look at some specific phrases.
Let’s first look at the phrase “electronic information and communications systems, and the information they contain.”
What do you think “electronic information systems” are?
What do you think “communications systems” are?
Can you think of some examples of the types of information these systems may contain?
Now let’s look at the phrase “the risk of damage to, unauthorized use of, exploitation of.” There are several things included here when describing some of the risks to information and communications systems.
Can you think of any examples of these risks?
Additional/alternative wording to help break down the concepts
What are some ways in which damage could be caused to the systems?
What makes access unauthorized? What do you think that means?
Finally, let’s take a closer look at the last part of the definition: “confidentiality, integrity, and availability.”
What do you think confidentiality means in this definition?
What do you think integrity means in this definition?
What do you think availability means in this definition?
How does this definition affect your understanding of cybersecurity?
Probe: How does this definition enhance or change your understanding of cybersecurity, if at all?
Would you recommend this definition of cybersecurity to a friend or family member who wants to understand cybersecurity? Why or why not?
Considering both the definitions we just stepped through (Definition 1 and Definition 2), which do you prefer? For what reasons?
Now we’re going to talk through an activity where you will sort other published definitions of cybersecurity in a few ways.
Remember that cybersecurity has been defined in many ways, and our goal during this activity is to get your thoughts on these definitions as you sort them.
I’m going to show you a set of definitions lettered A-F. All the definitions you see are published definitions of cybersecurity. I’ll read them each aloud while you follow along.
Read definitions.
Now, you can take some time to read them on your own. Let me know when you feel ready to talk about them.
Continue when the participant indicates they are ready
Now, I’m going to ask you to consider these definitions based on different characteristics. I will drag any definitions you’ve selected into the box on the right side of the screen, so you can visualize your selections.
Demonstrate moving definitions into the unlabeled box on the screen
You can always change your mind, and I will make those changes on the screen. You do not need to use all definitions, and you do not need to select any definitions if you find that none fit that description.
I’m going to start by asking you to select one or two of the definitions you see on the screen as your favorites. You can let me know as you select one, and I will drag the definition into the box labeled “Favorites” on the right side of the screen.
Can you tell me about your thinking during that task?
Probe: What did you consider when choosing your favorites?
Thanks! Now, I’m going to ask you to select definitions you think are easy to understand, and I will drag them into the box. Remember, you do not need to use all definitions, and you do not need to select any definitions if you find that none fit that description.
Tell me about your thinking during this exercise.
Probe:
Why are these definitions understandable?
Why did you leave the other definitions out of the box? What makes them confusing or unclear?
What terms or parts of these definitions are confusing to you, if any?
Here, I’d like you to think about these definitions in terms of their comprehensiveness, or how completely or broadly they define cybersecurity. Select any definitions that you think are comprehensive, and I’ll drag them into the box.
Can you tell me about your thinking?
Probes:
Why are these definitions comprehensive?
Why are the other definitions incomplete?
For this next task, I’d like you to consider how useful these definitions are in helping you to better understand what cybersecurity means in your own use of technology. I will drag any definitions you find useful into this box.
Can you explain your thinking?
Probes:
Why are these definitions useful?
Why are the other definitions not as useful?
This slide is the same as the first; it shows us the definitions without any box next to them. Looking at them again, do any of these definitions stand out to you in any other way?
Now, I’m going to share the sources of these published definitions. Please take a look at them.
Pause for reading
Now that you’ve seen the sources, have your opinions of any of the definitions changed?
Do you have any other reactions now that you see the sources?
Thanks for talking with me and completing that activity!
During this interview you have looked at several published definitions of cybersecurity. In what ways has your understanding of cybersecurity changed during this interview, if at all?
What other thoughts on cybersecurity would you like to share today?
Thank you again. Have a great day!
End/Leave meeting
File Created | 2024-07-20 |