Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Researcher seeks volunteers for interview

From: Brad Judy <win-hied () BRADJUDY COM>
Date: Thu, 4 Mar 2010 14:06:56 -0500
I would start with a reference to your advisor
(http://ist.psu.edu/ist/directory/faculty/?EmployeeID=68 ), who could be
confirmed as faculty and confirm your work if needed, and a link to your
information (http://www.psu.edu/cgi-bin/ldap/ldap_query.cgi?uid=mly107 ) .
If there's an official web page for the project, that would be good too.



This group is also going to be interested in the privacy controls you have
in place for your research.  Is there an IRB document that outlines how you
will protect the identity and information you receive from participants?
Presumably you submitted something to the PSU ORP
(http://www.research.psu.edu/orp/index.asp).



Brad Judy



Emory University



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michelle Young
Sent: Thursday, March 04, 2010 1:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Researcher seeks volunteers for interview



Ha ha, ok that's fair.  So any suggestions on how a poor master's student
could convince someone... anyone to talk to her?  Letters of recommendation
from other Listserv participants?

On Thu, Mar 4, 2010 at 1:04 PM, <Valdis.Kletnieks () vt edu> wrote:

On Thu, 04 Mar 2010 12:31:25 EST, Michelle Young said:


Research volunteers from the field of cyber security, 18 years of age and
older, are being sought to participate in a Penn State research study of
cyber security professionals.  Specifically, the research seeks to
understand how cyber security professionals make decisions under complex
circumstances.  The study involves a one-hour telephone interview to

discuss

cognitive tasks, methods, and techniques used by the analyst to prevent

and

detect cyber security attacks.


Does detecting a social-engineering attack count? ;)

Sorry Michelle - but that's somewhat a serious question.  Security
professionals
are by nature at least somewhat paranoid, and unlikely to volunteer info
unless they're reasonably sure they know who they're talking to.

And it isn't just you - we don't even have a good handle on the number of
compromised zombie computers out there, because most of the people who have
any hard data are often not talking because either their employer gets a
competitive advantage from the hard data, or not wanting the black hats to
know how much we do/don't know about their activities.
Previous By Date Next
Previous By Thread Next

Current thread: