Supporting Statement

0693-0043OnlinePrivacySecurity-Phase-2-SupportingStatement.docx

NIST Generic Clearance for Usability Data Collections

Supporting Statement

OMB: 0693-0043

Document [docx]
Download: docx | pdf

OMB Control No. 0693-0043 NIST Generic Clearance for Usability Data Collections


User Perceptions of Online Privacy and Security: A Qualitative Approach



FOUR STANDARD SURVEY QUESTIONS



1. Explain who will be surveyed and why the group is appropriate to survey.


In a previous study, National Institute of Standards and Technology (NIST) explored user knowledge and understanding of online privacy and security. This work extends that effort by providing qualitative data for three groups: experts (those who work specifically in cybersecurity and privacy), middle level participants (those who work in areas that require understanding and use of privacy and security measures), and the general public (those who do things online but are not subject to privacy and security issues in their professional lives). In this Phase II study, in depth interviews will be conducted to gain insight into participant perceptions about online privacy and security and the ways in which mental models are connected to these. Participants will complete a short demographic questionnaire prior to the interview that asks questions about age, gender, educational level, online activity, and level of expertise with privacy and security.


The Comprehensive National CyberSecurity Initiative has a goal to develop technologies that provide increases in cybersecurity by orders of magnitude above current systems and which can be deployed within 5 to 10 years. The Federal Government has begun to outline Grand Challenges for the research community to help solve these difficult problems that require out-of-the-boxthinking.


Understanding usersmental models is important to identify proper training methodologies that assist users in navigating the often confusing and mentally taxing security world. To identify successful training and education modules, we need to understand the current state of usersmental models and perceptions of online privacy and security.


As part of a usability study, we intend to recruit 100 individuals using an existing contract, which provides a database of over 10,000 people who have participated in previous usability studies. The participants will participate in a semi-structured interview on perceptions of online privacy and security. Fifty participants from each of the three populations will be interviewed. These groups are appropriate for this project since NIST participants will come from the CyberSecurity division and represent an expert population, while those recruited by the contract will represent two categories of the general public (those who are required to use and consider privacy and security issues in their professional lives and those who use the internet but do not have privacy and security mandates in their work environments).






2. Explain how the survey was developed including consultation with interested parties, pre-testing, and responses to suggestions for improvement.


The semi-structured interview protocol was developed with attention to literature on cybersecurity and privacy as well as that on mental models. It was developed in conjunction with a qualitative research expert who is a party to a NIST Cooperative Agreement for this project. Both the semi-structured interview protocol and the demographic questionnaire were developed with input by NIST researchers who had been involved with the Phase I study. Questions (from both the protocol and the questionnaire) were pre-tested with approximately

3 people from each of the three groups that will be sampled for this study. Input from the pre-test was used to refine language and questions.



3. Explain how the survey will be conducted, how customers will be sampled if fewer than all customers will be surveyed, expected response rate, and actions your agency plans to take to improve the response rate.


NIST participants will be recruited by e-mail and will participate in the course of their official duties with their management's approval. Non-NIST participants from the general population will be recruited from existing recruitment databases.


Participants will be grouped into three categories according to experience with and knowledge about online privacy and security. Approximately 50 participants from each of the three populations will be interviewed.

Group 1: Expert participants are those who have degrees in Mathematics, Computer Science, or related fields, and who work specifically in the field of cybersecurity and privacy.


Group 2: Middle Level participants are those who deal with online security and privacy issues in their work but who are not specifically schooled or trained in the area (for example, bank loan managers or librarians).


Group 3: General Public participants are those who spend some time online for work or personal use, but who do not deal specifically with issues of online security and/or privacy in their professional life.


The expected response rate will be 100% since each participant will be provided the survey by the test facilitator and will complete the survey as part of the overall usability test.



4. Describe how the results of the survey will be analyzed and used to generalize the results to the entire customer population.


NIST researchers will perform the data analysis. Descriptive statistics will be run on demographic data. Interview data will initially be coded using grounded theory techniques of open, axial, and selective coding. This initial analytic phase will rely on both a priori and emergent codes and ideas. Memoing and constant comparative methods, also grounded theory techniques, will be used to further the analysis and explore the ways in which the data supports earlier findings from the coding process. The analysis will explore the ways in which the data fits with or contradicts current research on mental models of cybersecurity and privacy. We intend to publish the results of the study in a research journal article. No generalizations will be made beyond the study participants and their demographics.


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorTheofanos, Mary Frances
File Modified0000-00-00
File Created2021-01-24

© 2024 OMB.report | Privacy Policy