[ skip to content ]

December 16, 2013

ODU Faculty Members Awarded NSF Grant for Study of Cyber Security in the Workplace

topstory3-lgWu He
By Brendan O'Hallarn

That quiz asking "What Disney princess are you?" may be a few minutes of Facebook fun. But are you risking your organization's network to take it?

As the field of information security grows dramatically, worldwide more and more attention is being paid to the causes of so-called security breaches. Recent high-profile cyber attacks suggest that users themselves are to blame for many of these incidents.

For unwary users and their organizations, social media sites such as Tumblr, Facebook, MySpace, Twitter and LinkedIn potentially pose a variety of serious security risks and threats.

Recent studies show that social media sites are more in use for delivering malware (malicious software) than were previously popular methods of email delivery. Because of this, many organizations are looking for ways to implement effective security policies. Getting employees to comply with a security policy, however, can be a significant challenge.

In the face of this increasing risk, four Old Dominion faculty members have received a $245,460 grant from the National Science Foundation's (NSF) Directorate for Social, Behavioral & Economic Sciences to study the factors that affect cyber security behavior, helping employees more deeply understand their security risks and improve their security behavior.

The grant was received by three faculty members in the College of Business and Public Administration - Wu He, assistant professor of information technology/decision sciences; Ling Li, E.V. Williams Research Fellow and professor of operations and supply chain management; and Li Xu, professor and Eminent Scholar of information technology/decision sciences - as well as Ivan Ash, associate professor of psychology in the College of Sciences.

This NSF grant is in the category of business and economic science, which is a rare accomplishment for business faculty members across the country.

The study is aimed at helping organizations find innovative ways to increase their employees' security awareness and their capabilities to engage in online security behavior.

Starting with a survey to identify factors that affect organizational employees' cyber security behavior, the data will be used to develop a psychological decision-making model for cyber security compliance.

The second stage of the project will be a controlled experimental study to compare the effectiveness of different interventions aimed at increasing cyber security compliance.

The ultimate goal of the study is to contribute to the psychological, behavioral and educational theories relating to the basic processes by which people assess vulnerabilities and threats, and respond to them.

The ODU researchers hope to produce educational workshops, a project portal, journal publications and conference presentations to disseminate the results of the project to a broad audience that includes corporate IT directors, managers, employees, researchers and practitioners in various industries such as real estate, financial services, logistics and supply chain, insurance and education.