Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of...
-
Upload
virgil-goodwin -
Category
Documents
-
view
220 -
download
1
Transcript of Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of...
![Page 1: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/1.jpg)
Social Science Experiment
Jan-Willem Bullee
![Page 2: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/2.jpg)
2 Cyber-crime Science
Background
Effectiveness of authority on compliance
We can get some of the answers from» Literature (Meta-analysis)
» Attacker stories/interviews
But the answers are inconclusive» Different context
» Hard to measure human nature
» Difficult to standardize behaviour.
![Page 3: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/3.jpg)
3 Cyber-crime Science
Principles of Persuasion
Authority» More likely to listen to an police officer
Conformity» Peer pressure
Commitment» Say yes to something small first
Reciprocity» Return the favour
Liking» People like you and me
Scarcity» Wanting the ungettable
![Page 4: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/4.jpg)
5 Cyber-crime Science
Literature on Authority
Classical Milgram Shock Experiment» 66% full compliance
[Mil63] S. Milgram. Behavioral study of obedience. The Journal of Abnormal and Social Psychology, 67(4), 371–378.
![Page 5: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/5.jpg)
5 Cyber-crime Science
Introduction Key Experiment
Get something from an employee
Equal to password or PIN
Intervention
Impersonate
![Page 6: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/6.jpg)
5 Cyber-crime Science
Experimental Setup
Design
Intervention» Written memo
» Key-chain
» Poster
R1 X OR2 O
![Page 7: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/7.jpg)
5 Cyber-crime Science
Hypotheses
H0: Intervention and Control comply equally
H0: Authority and Control comply equally
H0: Effect of Authority on compliance
![Page 8: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/8.jpg)
5 Cyber-crime Science
Results
351 rooms targeted» N=118 (33,6%) populated
Demographics Targets» Female: 24 (20%) Male: 94 (80%)
» Mage = 34, range (23-63) years
Overall compliance distribution» 52.5%/47.5%
![Page 9: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/9.jpg)
5 Cyber-crime Science
Results
![Page 10: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/10.jpg)
5 Cyber-crime Science
Results
Intervention distribution» 60%/40%
H0: Intervention and Control comply equally» χ²-test
» Hypothesis rejected
![Page 11: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/11.jpg)
5 Cyber-crime Science
Results
Authority distribution» ≈50/50
H0: Authority and Control comply equally» χ²-test
» Hypothesis accepted
![Page 12: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/12.jpg)
5 Cyber-crime Science
Results
Effect of authority» Logistic Regression
» Employees that did not get the intervention are 2.84 times morelikely to give their key away
Intervention Give Key
![Page 13: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/13.jpg)
5 Cyber-crime Science
Results
Effect of authority» Logistic Regression
» Employees that did not get the intervention are 2.84 times morelikely to give their key away
» Authority: No effect
Intervention
Authority
Give Key
![Page 14: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/14.jpg)
5 Cyber-crime Science
Results
Comments:» “Great test!” “Cool Experiment” “Interesting study”
» “I had doubts” “Having an keychain is important”
» “Suspicious looking box”
» “Guy in suit looked LESS trustworthy”
» “Asked for my ID”
» “Trusted me since I looked friendly”
» “I feel stupid”
» “I didn’t wanted to give the key, but did it anyway”
![Page 15: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/15.jpg)
5 Cyber-crime Science
Take Home Message
Children, animals, people never react the way you want.
Limited availability in July and August
You are not important for others
…unless you want to break the system
1/3 of employees works on a Wednesday in September
2.84 times higher odds to get key if no intervention
![Page 16: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/16.jpg)
10 Cyber-crime Science
Charging Mobile Phone
![Page 17: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/17.jpg)
10 Cyber-crime Science
Charging Mobile Phone
What are the security considerations of the users of a public mobile phone charger?» What is the use rate of the device (per number of
people at that location per hour),
» Why do people use (or not) the system?
» How do the safety perceptions of the current users differ between the former users and the non-users.
You are the researchers!
![Page 18: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/18.jpg)
10 Cyber-crime Science
Crime Prevention
CPTED Framework (Crime Prevention Through Environmental Design)
Activity Support» Eyes on the street» Unfortunately: also provides opportunity» Overall crimes are reduced by increasing activity
[Coz05] Cozens, P. M., Saville, G., & Hillier, D. (2005). Crime prevention through environmental design (CPTED): a review and modern bibliography. Property management, 23(5), 328-356.
![Page 19: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/19.jpg)
10 Cyber-crime Science
Hypotheses
H0: Cabinets in busy and quite areas are equally used.
H0: Cabinets with surveillance (e.g. service desk) and with no surveillance are equally used.
H0: Cabinets in lunch hours (e.g. lunch) and lecture hours are equally used.
![Page 20: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/20.jpg)
11 Cyber-crime Science
Our Design
Researchers: You (Student)
Target: Fellow Students and Employee
Goal: Observe» Observe and interview people
Interface: Face 2 Face
Count people and short questionnaire
![Page 21: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/21.jpg)
12 Cyber-crime Science
Method : Our design
2 experimental conditions» Users of the system / non users of the system
6 locations» Experimental: Bastille, Hal-B, Horst and Spiegel» Control: ITC (city center), Ravelijn
![Page 22: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/22.jpg)
13 Cyber-crime Science
Method : Our procedure
Subjects from the experimental building» Teams of 1 researcher» One minute count: the people that pass-by» Approach users of the system
Subjects from the control building» Teams of 2 researchers
» Interview people walking in the area
More details on the course-site
![Page 23: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/23.jpg)
15 Cyber-crime Science
What to do
Before Tuesday 9 September» Register in the Doodle
On 10, 17 (and 24) September» 09:30 - 09:50 Briefing at ZI4047
» Travel to location
» 10:30 - 12:45 Experiment
» 12:45 - 13:30 Break and travel
» 13:30 - 15:45 Experiment part 2
![Page 24: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/24.jpg)
16 Cyber-crime Science
What to do
We have permission to do this only at» UT: Bastille, Hal-B, Horst, Ravelijn, Spiegel and ITC
Enter your data in SPSS» Directly after the attack
» Come to me ZI4047
Earn 0.5 (out of 10) bonus points
![Page 25: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/25.jpg)
17 Cyber-crime Science
Ethical issues
Informed consent not possible
Zero risk for the subjects
Approved by facility management
Consistent with data protection (PII form)
Approved by ethical committee, see http://www.utwente.nl/ewi/en/research/ethics_protocol/
![Page 26: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/26.jpg)
18 Cyber-crime Science
Conclusion
Designing research involves:» Decide what data are needed
» Decide how to collect the data
» Use validated techniques where possible
» Experimental Design, pilot, evaluate and improve
» Training, data gathering
![Page 27: Social Science Experiment Jan-Willem Bullee. 2 Cyber-crime Science Background Effectiveness of authority on compliance We can get some of the answers.](https://reader035.fdocuments.us/reader035/viewer/2022062314/56649de65503460f94adf0f2/html5/thumbnails/27.jpg)
19 Cyber-crime Science
Further Reading[Cia09] R. B. Cialdini. Influence: The Psychology of Persuasion. Harper Collins, 2009. http://www.harpercollins.com/browseinside/index.aspx?isbn13=9780061241895
[Gre96a] T. Greening. Ask and ye shall receive: a study in 'social engineering'. SIGSAC Rev., 14(2):8-14, Apr 1996. http://doi.acm.org/10.1145/228292.228295
[Hof66] C. Hofling, E. Brotzman, S. Dalrymple, N. Graves, and C. Pierce. An experimental study in Nurse-Physician relationships. J. of Nervous & Mental Disease, 143(2):171-180, Aug 1966.