Search Publications

Displaying 76 - 100 of 223

Handbook for VVSG 2.0 Usability and Accessibility Test Strategies

January 25, 2023

Author(s)

Whitney Quesenbery, Sharon J. Laskowski

This document provides guidance and resources for how to test voting systems against the usability and accessibility requirements in the Voluntary Voting System Guidelines (VVSG) 2.0. The requirements include Principles 2.2 and 5 through 8. The goal of

Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges

January 11, 2023

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This Special Publication details our research exploring cybersecurity role-based training for those who for individuals who are assigned management, operational, and technical roles having security and privacy responsibilities.

Users Are Not Stupid: Six Cybersecurity Pitfalls Overturned (Purdue CERIAS Presentation)

December 7, 2022

Author(s)

Julie Haney

Whether you're implementing security policy or developing products, considering the human element is critical. Yet security professionals often fall victim to misconceptions and pitfalls that undermine users' ability to reach their full security potential

Voices of First Responders: How to Facilitate Adoption and Usage of Communication Technology - An Integrated Analysis of Qualitative and Quantitative Findings

November 28, 2022

Author(s)

Yee-Yin Choong, Kerrianne Buchanan, Shanee Dawkins, Sandra Spickard Prettyman

The Nationwide Public Safety Broadband Network (NPSBN) is being developed to provide a dedicated network for the use of first responders during incident response. A wave of new communication technologies compatible with the NPSBN is on the horizon, as

Parenting the "Always Connected" Generation - Research Findings from NIST Youth Security & Privacy Research

October 25, 2022

Author(s)

Yee-Yin Choong

Kids are engaged in technology and online activities at younger ages than ever before. They are the "digital natives" – an always online and connected generation. Much cyber security research has focused on adults' perceptions and practices. But, what

Can You Spot a Phish

October 19, 2022

Author(s)

Shanee Dawkins, Jody Jacobs

This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.

Challenges to building youth's online safety knowledge from a family perspective: Results from a youth/parent dyad study

August 7, 2022

Author(s)

Olivia Williams, Yee-Yin Choong, Kerrianne Buchanan

This paper overviews a dyadic study of youth knowledge and understandings of online privacy and risk, and then highlights challenges that the study reveals about youth online risk taking and privacy protective measures from a family perspective. A full

Investigating youths' learning of online safety and privacy from others: A discussion of study design and statistical analysis considerations

August 7, 2022

Author(s)

Kerrianne Buchanan, Yee-Yin Choong, Olivia Williams

Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study (Short Paper)

July 14, 2022

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This paper presents our research from our mixed-methods study analyzing how organizations determine security awareness program effectiveness. This paper is being submitted to the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) 8th Workshop

Lessons Learned and Suitability of Focus Groups in Security Information Workers Research

June 26, 2022

Author(s)

Julie Haney, Jody Jacobs, Fernando Barrientos, Susanne M. Furman

Security information workers (SIW) are professionals who develop and use security-related data within their jobs. Qualitative methods -- primarily interviews -- are becoming increasingly popular in SIW research. However, focus groups are an under-utilized

Users Are Not Stupid: Eight Cybersecurity Pitfalls Overturned

June 7, 2022

Author(s)

Julie Haney

An Investigation of Roles, Backgrounds, Knowledge, and Skills of U.S. Government Security Awareness Professionals

June 4, 2022

Author(s)

Julie Haney, Jody Jacobs, Susanne M. Furman

Security awareness professionals are tasked with implementing security awareness programs within their organizations to assist employees in recognizing and responding to security issues. Prior industry-focused surveys and research studies identified

Consumer Perspectives on Loss of Support for Smart Home Devices

May 26, 2022

Author(s)

Julie Haney, Susanne M. Furman

Unsupported smart home devices can pose serious safety and security issues for consumers. However, unpatched and vulnerable devices may remain connected because consumers may not be alerted that their devices are no longer supported or do not understand

NIST Cybersecurity Role-based Training Study Presentation

May 20, 2022

Author(s)

Jody Jacobs, Julie Haney, Susanne M. Furman

This presentation is for the May 17, 2022 Federal Information Security Educators (FISSEA) Spring Forum hosted by NIST. This presentation will present our preliminary findings from our Role-Based Training Study.