Cybersecurity Awareness and Education
Zhang-Kennedy, L. and Chiasson, S. (2020) A Systematic Review of Multimedia Tools for Cybersecurity Awareness and Education. ACM Computing Surveys (CSUR). (in submission)
Description: In this survey paper, we conduct the first comprehensive review of cybersecurity educational tools created in the last twenty years. We identified 119 tools, categorizing them into five predominant types. We systematically evaluated each educational tool against established instructional design principles from the field of learning science and made further proposals for their use. Our analysis revealed a limited number of empirically validated tools, particularly for supporting engagement, usability, and learning objectives. We provide guidelines and recommendations for an improved design and evaluation methodology and identify open areas for future research.
Zhang-Kennedy, L., Abdelaziz, Y., and Chiasson, S. (2017) Cyberheroes: The Design and Evaluation of an Interactive Ebook to Educate Children about Online Privacy. International Journal of Child-Computer Interaction (IJCCI).
Description: This paper presents the design and evaluation of an educational interactive ebook that I created called Cyberheroes. We show Cyberheroes is effective at improving children’s privacy proficiency, knowledge retention and transfer compared to the control, even after one week. Further, we show Cyberheroes is a useful tool for mediating parent-child discussions about potentially “frightening” online privacy topics. We found that Cyberheroes is engaging, easy to use, and easy to learn.
Zhang-Kennedy, L., Chiasson, S., and Biddle, R. (2016) The Role of Instructional Design in Persuasion: A Comics Approach for Improving Cyber Security. International Journal of Human-Computer Interaction (IJHCI), Taylor & Francis, 32:215-257.
Description: This paper consolidates several user studies for evaluating the effectiveness of Secure Comics, an online interactive comic series that I created to educate users about various security and privacy concepts. We show that users have a poor understanding of security threats, which may influence their motivation and ability to practice safe behaviour. Secure Comics addresses this problem by improving users’ understanding and motivate positive changes in security management behaviour. We discuss the implication of the findings to better understand the role of instructional design and persuasion in education technology.
Mental Models of Computer Security and Privacy
Zhang-Kennedy, L., Assal, H., Rocheleau, J., Mohamed, R., Baig, K., & Chiasson, S. (2018). The aftermath of a crypto-ransomware attack at a large academic institution. In USENIX Security Symposium.
Description: We make a time-sensitive contribution to capture the technological, productivity, personal, and social impact of ransomware attacks on users in the immediate aftermath of a crypto-ransomware attack at a large North American university. The paper highlights the unaccounted secondary costs of attacks and the importance of including human factors in cyber-response plans.
Zhang-Kennedy, L., Mekhail C., Abdelaziz, Y., and Chiasson, S. (2016) From Nosy Little Brothers to Stranger-Danger: Children and Parents’ Perception of Mobile Threats. In Interaction Design and Children (IDC), ACM.
Description: We explore the perceived privacy and security threats faced by children aged seven to eleven, along with the protection mechanisms employed. We identify four models of privacy held by children. Furthermore, we found that children's concerns fit into four child-adversary threat models. Their concerns differed from the five threat models held by the parents. Parents used a variety of protection strategies to minimize children's exposure to external threats. In reality, however, we show that security and privacy risks from an internal family member or a friend could be more common than harm from outsiders.