Monday, November 19, 2007

Information Protection and Behavior Modification


In 2006-2007 the National Science Foundation (NSF) and the Iowa State University Center for Information protection (CIP) funded a study on information and identity theft protection of which I am the PI (Principal Investigator). The NSF-CIP project is directed at identifying factors that lead to data and critical information loss and then designing targeted and appropriate educational/training programs that change people’s behavior and lead to more “Security Consciousness” – (SEC-CON).

As a result of this research we are now developing best practices for information and ID protection. Our colleagues in computer science, computer engineering, mathematics, and management information systems (MIS) are working on parallel discoveries that will make information more secure and personal identities less vulnerable. Their work and ours will be incorporated into corporate, government, non-profit organizations and into individual practices.

I am delighted to report some preliminary findings which can help secure information.

Individuals need to have personal security of personal data high on their “awareness” list. In fact research shows that ID security needs to become a “second sense”. It should never be something we do once a month or quarterly.

There is now significant evidence that there is an “Unwarranted Trust” - UT -factor which basically “disarms” people’s behavior when it comes to securing and protecting sensitive data. Understanding UT as a sociological and psychological behavioral phenomenon, we feel, is THE single most critically important factor in successful “Security Behavior Modification” – SBM.

The second phase of the NSF-CIP project is designed to modify and improve and develop a continuous improvement paradigm for training systems for employees who have access to critical information. As one of our sponsors who is with a large multinational company pointed out at a recent briefing SBM is invaluable not only for the protection of traditional data of concern such as Social Security and Credit Card numbers and birth dates but also as a means of sensitizing employees to the risk of revealing or losing proprietary information, business plans, patents, and other information that should be secured and protected.

For more information on the National Science Foundation/Center for Information Protection project please contact us at ---
Michael McCoy - 559 Ross Hall Ames, IA. 50011-1204 or email: mrmccoy@iastate.edu


Steffen Schmidt

Labels: , , , , , , , , , , ,

0 Comments:

Post a Comment

<< Home

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft