Home data security decisions

Thesis

The most common solution to securing data in the home remains increased awareness. However, studies and increasing numbers of cyberattacks targeting the home point to very limited success of this intervention. Awareness campaigns can lead to information overload, do not impart security skills, implicitly assume that every home user is an administrator, and are largely ignorant of the specific context of the user. Unfortunately, little research has been done to understand the home user, the home context, and related security practices in order to inform the design of appropriate security interventions. A more grounded understanding of the home and security practices therein is required to address this gap.

The research presented in this dissertation focuses on understanding security practices in the home, and how they can inform the design of appropriate security technology to support such practices. The work was conducted in three steps: (a) empirical exploration of security support behaviours and factors that influence the outcome of security decisions in the home through 65 semi-structured interviews followed by a survey of 1128 UK participants; (b) development of a framework to guide the design of security technology for the home; and (c) a case study demonstrating applicability of the framework to the design of a network security toolkit for the home.

Grounded Theory was applied to analyse data from the interviews focussing on understanding security support behaviours. Thematic Analysis was also used to analyse the interview data to identify important concepts for understanding the security context in the home and factors that influence security decisions. Data from the survey was analysed using descriptive and inferential statistics to validate the previous qualitative results. Key findings include evidence of: (1) social networks serving as informal support networks in home security; (2) perceived competence being used to evaluate the quality of security support sources and work; and (3) visibility of harm influencing security decisions.

From this research, we propose the Home-Appropriate Network and Digital Security (HANDS) framework: a data-driven descriptive framework that enables designers of home technology to ground their design decisions in relevant contextual information. We demonstrate its application in a Case Study designing a network security toolkit for the home. The design was evaluated through 4 focus groups of 3 participants each, followed by a survey involving 616 UK participants. Thematic analysis was used to analyse data from the focus groups, while descriptive and inferential statistics were applied to analyse the quantitative data.

Authors: Nthala, N

• Type of award: DPhil
• Level of award: Doctoral
• Awarding institution: University of Oxford
• Language: English
• Keywords: Security design; Security; Decision making; Security behaviour; Usable security; Grounded Theory
• Subjects: Software Engineering; Information Security