Collaborative Research: SaTC: CORE: Small: Tracking User Behavior, Cognitive Burdens, and the Impact of Behavioral Nudging on Security Updates by Young and Older Adults
North Carolina Agricultural & Technical State University, Greensboro NC
Abstract
Computer security significantly depends on user behaviors, including choices about whether and when to apply software updates. Many security problems, including high-profile data breaches, are caused by failure to update vulnerable software, even after security issues are known and patches are available. In order to make computing more secure, there is a need to better understand the decision-making processes of users regarding their choices to apply, delay, or ignore security-related software updates. For example, how are decisions about software updates affected by other tasks the user is currently performing? How is the decision-making process different for users who are older adults versus users who are young adults? This project seeks to answer these questions with experiments that place young and older adult users in a variety of security-related software updating situations to test specific theories of how task-related factors and cognitive aging influence behavior. The research team includes computer scientists and cognitive psychologists, and will innovatively combine knowledge from these two areas. The project serves the national interest both by advancing scientific knowledge of decision-making processes, and how that knowledge may be applied to promote public welfare through increased computing security.
The project uses multiple, complementary methods to increase understanding of cybersecurity behaviors of non-expert users in personal computing environments, including: systematic evaluation of the security update ecosystem to identify factors that may affect cybersecurity behaviors; surveying non-expert users to measure attitudes and expected behaviors in response to various software update scenarios; development and field testing of specific software update scenarios in personal computing environments; and development and testing of behavioral nudge interventions hypothesized to increase compliance with security-related software updating. These methods are employed to test the efficacy of protection motivation theory, cognitive load theory, and locus of control theory in the cybersecurity domain, and the results will contribute to the development of efficacious security-related software update strategies.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.