Search Publications

Displaying 1 - 25 of 223

"A five-year-old could understand it" versus "This is way too confusing": Exploring Non-expert Understandings and Perceptions of Cybersecurity Definitions

April 28, 2025

Author(s)

Lorenzo Neil, Charlotte Healy, Julie Haney

Experts struggle with explaining cybersecurity in a language and tone appropriate for non-expert audiences. This communication gap may make it difficult for a broad and diverse audience to fully engage in cybersecurity. Fundamental forms of communication

Workshop Summary Report for ConnectCon 2024: "Minding the Gaps in Human-Centered Cybersecurity"

April 7, 2025

Author(s)

Julie Haney, Matthew Canham, Mike Elkins, Lisa Flynn, Matthew Gordin, Victoria Granova, Wenjing Huang, Jody Jacobs, Greg Moody, Ann Rangarajan, Michael Ross, Robert Thomson, Joe Uchill

In August 2024, the National Institute of Standards and Technology (NIST) co-sponsored ConnectCon, an interactive workshop that facilitated meaningful conversations and connections between researchers and practitioners on the topic of human-centered

Designing Usable Audio for Voting Systems: Best Practices and a Test Approach

January 31, 2025

Author(s)

Lynn Baumeister, Whitney Quesenbery, Sharon J. Laskowski

Voting systems must support multiple interaction modes: presenting information both visually and auditorily, accepting navigation and selections from both screen touches and key presses on a tactile controller. The best practices outlined in this document

Legibility of Summary-Style Printed Ballots: What makes a printed summary-style ballot easy to verify?

January 31, 2025

Author(s)

Lynn Baumeister, Whitney Quesenbery, Sharon J. Laskowski

The ability of voters to review and verify their selections before casting their ballot is an important step in the voting process. This report explores the legibility and readability of summary ballots printed by ballot marking devices (BMDs) and the

Perspectives on E2EV: Results from Interviews with Election Experts

January 14, 2025

Author(s)

Kristen Greene, Shanee Dawkins, Julie Haney, Mary Theofanos, Jody Jacobs, Sandra Spickard Prettyman, Kristin L. K. Koskey

Leveraging the Human Factors Discipline for Better Cybersecurity Outcomes: A Roundtable Discussion

December 1, 2024

Author(s)

Margaret Cunningham, Calvin Nobles, Nikki Robinson, Julie Haney

"The Human Factor" department co-editor Julie Haney recently spoke with three human factors experts to get to the bottom of what the oft-misunderstood human factors discipline actually is, how the cybersecurity community and organizations can benefit from

From Compliance to Impact: Tracing the Transformation of an Organizational Security Awareness Program

November 26, 2024

Author(s)

Julie Haney, Wayne Lutters

There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance  measured by training completion rates  to those resulting in behavior change. However, few researchers or practitioners

Practical Guide for Collecting Feedback from NIST SRM & RM Users: Survey Development Process

November 4, 2024

Author(s)

Yee-Yin Choong, Johanna Camara, Tracey Schock, Clay Davis

One way NIST ensures that measurements are accurate and compatible is by certifying and providing over 1 300 Standard Reference Materials® (SRM®) with well-characterized composition, properties, or both. Customers use these materials to calibrate

Reflection of its Creators: Qualitative Analysis of General Public and Expert Perceptions of Artificial Intelligence

October 16, 2024

Author(s)

Theodore Jensen, Mary Frances Theofanos, Kristen K. Greene, Olivia Williams, Kurtis Goad, Janet Bih Fofang

The increasing prevalence of artificial intelligence (AI) will likely lead to new interactions and impacts for the general public. An understanding of people's perceptions of AI can be leveraged to design and deploy AI systems toward human needs and values

Not All Victims Are Created Equal: Investigating Differential Phishing Susceptibility

September 6, 2024

Author(s)

Matthew Canham, Shanee Dawkins, Jody Jacobs

Repeat clickers refer to individuals who repeatedly fall prey to phishing at-tempts, posing a disproportionately higher risk to the organizations they inhabit. This study sought to explore the potential influence of three factors on repeat clicking

A Review of the Literature on Voter Verification and Ballot Review

July 8, 2024

Author(s)

Whitney Quesenbery, Suzanne Chapman, Christopher Patten, Roberto Spreggiaro, Shanee Dawkins

One of the major issues for voting systems today is whether they provide voters with a meaningful opportunity to verify their ballot before casting it. This opportunity is important in helping them vote their intent by catching errors or omissions made

How Voters Review and Verify Ballots

July 8, 2024

Author(s)

Suzanne Chapman, Lynn Baumeister, Whitney Quesenbery, Shanee Dawkins

Qualitative research to gain deeper insights about how voters mark, review, verify, and cast their ballots. Conducted as part of the work to update the human factors—accessibility, privacy, and usability—requirements in federal voting system standards and

Towards Bridging the Research-Practice Gap: Understanding Researcher-Practitioner Interactions and Challenges in Human-Centered Cybersecurity

June 13, 2024

Author(s)

Julie Haney, Clyburn Cunningham, Susanne Furman

Human-centered cybersecurity (HCC) researchers seek to improve people's experiences with cybersecurity. However, a disconnect between researchers and practitioners, the research-practice gap, can prevent the application of research into practice. While

Mathematical Entities: Corpora and Benchmarks

May 20, 2024

Author(s)

Jacob Collard, Valeria de Paiva, Eswaran Subrahmanian

Mathematics is a highly specialized domain with its own unique set of challenges. Despite this, there has been relatively little research on natural language processing for mathematical texts, and there are few mathematical language resources aimed at NLP

From Ivory Tower to Real World: Building Bridges Between Research and Practice in Human-Centered Cybersecurity

March 21, 2024

Author(s)

Julie Haney

Research insights critical to improving people's cybersecurity experiences and outcomes may not be integrated into practice, demonstrating the often-observed and dreaded "research-practice gap." This talk will describe recent NIST research efforts to

Preliminary Study of Mixed Reality Interfaces for Collaborative Robot Programming of a Manufacturing Assembly Task Board

March 9, 2024

Author(s)

Medhavi Kamran, Snehesh Shrestha, Arnav Juneja, Shelly Bagchi, Jeremy Marvel, Megan Zimmerman, Vinh Nguyen

Collaborative robot tasks in manufacturing often involve manually placing and recording the robot in various positions throughout the intended task. However, existing methods for programming robot have been shown to cause physical strain and confusion for

Towards Integrating Human-Centered Cybersecurity Research Into Practice: A Practitioner Survey

January 30, 2024

Author(s)

Julie Haney, Clyburn Cunningham, Susanne M. Furman

The "research-practice gap" can prevent the appli- cation of valuable research insights into practice. While the gap has been studied in several fields, it is unclear if prior findings and recommendations apply to human-centered cybersecurity (HCC), which

Tradeoffs, Transparency, and Shared Responsibility: Exploring Users' Perceptions of Smart Home Security and Privacy in the U.S.

December 13, 2023

Author(s)

Julie Haney

Smart home technology may expose adopters to increased risk to network security, information privacy, and physical safety. However, users of this technology may lack understanding of the privacy and security implications, and manufacturers often fail to

Usability and Accessibility of Electronic Pollbooks, Part 2: A Usability Test Protocol

December 4, 2023

Author(s)

Whitney Quesenbery, Lynn Baumeister, Shanee Dawkins

This document is the second part of a series of documents on the usability of electronic pollbooks. It contains a procedure for how e-pollbooks might be evaluated, including a preliminary protocol for running a usability test. It can be used by people

Usability and Accessibility of Electronic Pollbooks, Part 1: Usability in the Polling Place

December 1, 2023

Author(s)

Whitney Quesenbery, Lynn Baumeister, Shanee Dawkins

This publication is a report on the exploration of the use of electronic pollbooks (e-pollbooks) in elections. The scope of this report is on usability and accessibility of e-pollbooks, that is, their use by poll workers and voters, rather than on

NIST Phish Scale User Guide

November 15, 2023

Author(s)

Shanee Dawkins, Jody Jacobs

The phishing cyber threat exploits vulnerabilities in the U.S. and around the world across private and public sectors. Embedded phishing awareness training programs, where simulated phishing emails are sent to employees, are designed to prepare employees

Can you Spot a Phish?

September 26, 2023

Author(s)

Jody Jacobs, Shanee Dawkins

This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.

It's Not Always What the Eye Can See - Challenges in the Evaluation of Augmented Reality

September 19, 2023

Author(s)

Kurtis Goad, Kevin C. Mangold, Susanne M. Furman

Augmented reality (AR) technology is developing at a fast pace. Usability evaluation methodologies for AR need to be updated to accommodate the increasing complexity of how people interact with AR technology. Eye tracking metrics, which have been

Phishing for User Context: Understanding the NIST Phish Scale

August 23, 2023

Author(s)

Shanee Dawkins, Jody Jacobs

The NIST Phish Scale is a method for measuring human phishing detection difficulty, providing a metric – a phishing email detection difficulty rating – for phishing training implementers to gain a better understanding of the variability in click rates

How to Scale a Phish: An Investigation into the Use of the NIST Phish Scale

August 7, 2023

Author(s)

Shanee Dawkins, Jody Jacobs

Organizations around the world are using the NIST Phish Scale (NPS) in their phishing awareness training programs. As a new metric for measuring human phish-ing detection difficulty of phishing emails, the use of the NPS by phishing training implementers