Cyber-Security across the Life Span (cSaLSA)
Lead Research Organisation:
Northumbria University
Department Name: Fac of Health and Life Sciences
Abstract
Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
Publications
Nicholson J
(2019)
"If It's Important It Will Be A Headline"
Morrison BA
(2020)
Technological Change in the Retirement Transition and the Implications for Cybersecurity Vulnerability in Older Adults.
in Frontiers in psychology
Morrison B
(2021)
How do Older Adults feel about engaging with Cyber-Security?
in Human Behavior and Emerging Technologies
Joinson A
(2023)
Development of a new 'human cyber-resilience scale'
in Journal of Cybersecurity
Dixon M
(2022)
Holding Your Hand on the Danger Button Observing User Phish Detection Strategies Across Mobile and Desktop
in Proceedings of the ACM on Human-Computer Interaction
Branley-Bell D
(2022)
Exploring Age and Gender Differences in ICT Cybersecurity Behaviour
in Human Behavior and Emerging Technologies
Description | To date we have derived a dictionary of key cybersecurity terms which reflects those terms most commonly understood and used by teenagers, working age adults and older adults. We have identified the communication channels for cybersecurity information that are most pressing for older adults. We have also established the ways that older adults communicate and receive information about cybersecurity and have identified potential issues for the ways that government and policymakers may wish to send out information targeted at older adults. We have also developed, tested and refined a new 'cyber-resilience' scale that measures four factors that give rise to enhanced cyber-resilience in individuals and households and we have conducted a qualitative study of resilience in households. |
Exploitation Route | Northumbria Police have an expressed an interest in an age-related glossary of security terms. NCSC have expressed an interest in our communication findings and we have talked to them in relation to some of the potential issues faced by older adults following changes to TV licensing rules. We have talked to the Home Office in regard to communication and have also worked with NCSC to run two workshops for policymakers, one on communication and one on resilience. We have also been working with Pinsent Masons law firm on developing new scales that measure cybersecurity within their organisation. The resulting output (titled 'The Human Cyber Index (HCI)' has been submitted (February 2022) to the Lawyer Awards ('Best use of tech'). |
Sectors | Digital/Communication/Information Technologies (including Software) Education Financial Services and Management Consultancy Government Democracy and Justice Security and Diplomacy |
URL | https://www.riscs.org.uk/project/csalsa-cyber-security-across-the-life-span/ |
Description | The csalsa team made a response to the UK Gov Green paper on Internet Safety (Oct 2017) and have conducted a series of workshops in conjunction with U3A to improve older adult cybersecurity. The older adults work has led to a new project about empowering cyberguardians in the older adult community The csalsa team have conducted a number of workshops with policymakers on cyber resilience and on effective communication with the public. Csalsa work has been the topic of a Peepsec report to industry professionals. Csalsa work has led to a collaboration with Pinsent Masons in relation to developing new organisational survey tools to measure cybersecurity and the resulting tool has been entered into the 2022 Lawyer Awards Csalsa work also led to members of the Northumbria research team tendering for a government contract aimed at improving the security research culture across government departments. The work (jointly with SME ThinkCyber) is ongoing and in 2022 Northumbria University and ThinkCyber jointly engaged in a UK Government Small Business Research Initiative (SBRI) : Reducing Public Sector Risk through Culture Change (Phase One) where we ran workshops with various government departments in order to identify means to improve cybersecurity culture. |
First Year Of Impact | 2022 |
Sector | Digital/Communication/Information Technologies (including Software),Education,Government, Democracy and Justice,Security and Diplomacy |
Impact Types | Economic Policy & public services |
Description | Citation in the UK Government Secure by Design consultation document |
Geographic Reach | National |
Policy Influence Type | Citation in other policy documents |
URL | https://www.gov.uk/government/publications/secure-by-design/government-response-to-the-secure-by-des... |
Description | Response to the Internet Safety Strategy Green Paper |
Geographic Reach | National |
Policy Influence Type | Contribution to a national consultation/review |
URL | https://pactlab.gitlab.io/RF/greenpaper.htm |
Description | Centre for Digital Citizens - Next Stage Digital Economy Centre |
Amount | £3,797,252 (GBP) |
Funding ID | EP/T022582/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 11/2020 |
End | 10/2025 |
Description | Collaboration with UK government departments |
Organisation | Cabinet Office |
Country | United Kingdom |
Sector | Public |
PI Contribution | We worked with ThinkCyber Ltd to address a need for government cybersecurity culture change (as part of the Small Business Research Initiative (SBRI) - Reducing Public Sector Risk through Culture Change: Phase One). We proposed a holistic toolkit that (i) measures organisational security culture and its impact on the individual attitudes and behaviour, (ii) generates qualitative data around why security staff and users may have different cybersecurity priorities and (iii) generates actual behavioural data that is yolked to a related set of behavioural interventions and nudges designed to reduce risk across the board. We then use academic literature and first-hand data collected through the evaluation of our toolkit to address the nine hypotheses associated with this project, leading to a proposal for an updated holistic toolkit for identifying and changing security culture within government departments based on our learnings from the 12-week engagement. |
Collaborator Contribution | Our initial proposal was developed through meetings with government departments, including dedicated stakeholder workshops with the FCDO and BEIS (meetings organised via the Cabinet Office). In these workshops (which took place over a 12 week period) we were able to identify some of the key security culture challenges faced by diverse government departments. |
Impact | A final project report was developed - but this was not made available online. A meeting between Northumbria, ThinkCyber and the Cabinet Office took place in 2023. |
Start Year | 2022 |
Description | NCSC |
Organisation | National Cyber Security Centre |
Country | United Kingdom |
Sector | Public |
PI Contribution | Joint workshop on cyber-resilience. Working on guidance collaboratively |
Collaborator Contribution | Hosting workshop at Nova South, invitation list, planning outputs |
Impact | Cyber Resilience Workshop (March 2020) |
Start Year | 2020 |
Description | Research Institute for the Science of Cyber Security (RISCS) |
Organisation | Research Institute in Science of Cyber Security |
Country | United Kingdom |
Sector | Learned Society |
PI Contribution | cSALSA project has joined the RISCS phase two institute - contributions include attending workshops and community meetings, presenting research at RISCS meeting and contributing to the RISCS website |
Collaborator Contribution | RISCS has provided access to cyber security professionals for research as part of WP1. |
Impact | n/a yet. Disciplines are computer science and psychology / behavioural science. |
Start Year | 2017 |
Description | Contribution to All Party Parliamentary Group on Digital Identity |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Discussion in APPG on government priorities for digital identity management |
Year(s) Of Engagement Activity | 2017,2018 |
Description | Cyber resilience workshop |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | "Citizen-Centred Cyber Resilience: Building Resilient Communities from the Ground up" co-hosted with NCSC at Nova South. This workshop brought together experts on cyber security and community resilience to discuss how to build cyber-resilient communities. We began by framing the issue and introducing the different perspectives-community resilience in contexts other than cyber security and cyber resilience. Following a lunch break, participants engaged in round-table discussions on what a cyber-resilient community would look like, how it can be achieved, and what needs to be considered. The discussions were followed by presentations on existing citizen-centred cybersecurity initiatives. Attendees were from industry, government and academia. |
Year(s) Of Engagement Activity | 2020 |
Description | Half day workshop for government and industry on cyber communication |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Workshop held March 12th 2019 in London, organised by the EPSRC CyberSecurity Across the LifeSpan (cSALSA) project on the topic of 'Communicating Effectively about Cybersecurity Across the Lifespan'. The aim of the workshop is to introduce the work of the project teams on the cybersecurity challenges faced by different groups, and how that might lead to different approaches to communicating about cybersecurity threats and protective actions. The workshop will also include opportunities to work with cSALSA researchers and other policy / practitioner colleagues to share experiences on communicating effectively about cybersecurity, as well as a practitioner panel on the challenges of communicating about cybersecurity. The intended audience for the workshop is policy makers and practitioners who are involved in communicating about cybersecurity and designing interventions that target specific groups and/or behaviours or skills. |
Year(s) Of Engagement Activity | 2019 |
Description | Home Office briefing |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Presentation to Home Office cybercrime unit on CSALSA work |
Year(s) Of Engagement Activity | 2019 |
Description | MACG |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Presentation on CSALSA work to the Mult-Agency Commissioning Group at City of London Police (the group run national cybersecurity awareness campaigns) |
Year(s) Of Engagement Activity | 2019 |
Description | Presentation at Newcastle University PhD cybersecurity winter school |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Postgraduate students |
Results and Impact | Presentation of csalsa work at Winter Cybersecurity School (Jan 2020) |
Year(s) Of Engagement Activity | 2020 |
Description | Security Workshop for U3A |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | Regional |
Primary Audience | Public/other audiences |
Results and Impact | 40 members of the University of the Third Age (U3A) attended two separate workshops held by the cSALSA research team at the University. The interactive workshops focused on improving participants' understanding of security on the internet, specifically covering new guidance on creating "strong passwords" (three random words as recommended by the UK Government) as well as information on how passwords are compromised and best practices for safeguarding passwords. The impact of social engineering was also covered in the second workshop, with a focus on the reasons why people fall for scams (romance, email) and what to look out for. The workshop concluded with advice on how to avoid phishing scams, including tips for identifying the authenticity of emails (based on our previous work). Participants were encouraged to engage in a discussion over lunch and to ask any questions in relation to password creation/management, scams, or more general security advice. Based on positive feedback from participants, we were asked to organise another workshop focusing on privacy issues related to social media use. A follow up questionnaire suggested participants attempted to change some of their passwords (to three random words) as well as evaluated emails more critically after attending the workshops. |
Year(s) Of Engagement Activity | 2017 |
URL | https://pactlab.gitlab.io/RF/workshops.htm |
Description | Talk to PeerSec virtual summit |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Talk about the work of the csalsa project and the importance of considering cybersecurity across the lifespan and targetting information for different age groups |
Year(s) Of Engagement Activity | 2018 |
URL | https://www.peepsec.com/prof-adam-joinson/ |
Description | Workshop on Privacy (social media) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | Regional |
Primary Audience | Public/other audiences |
Results and Impact | Following on from the two Security workshops, the project team organised another workshop focused on privacy and social media. During this workshop - attended by 50 members of the University of the Third Age (U3A) - attendees were given information on how social media websites work, from features to financial models. They were encouraged to take part in an activity to help them think about the types of information that should be shared online and that should be kept offline. Participants were also given hands-on advice on how to change their privacy settings to maximise their online protection and extended discussion over lunch. Feedback from participants and the U3A representative was very good, with many members reportedly changing their privacy settings and being more cautious about the information they post. We have sent out a questionnaire to all attendees for an objective behaviour change measurement. |
Year(s) Of Engagement Activity | 2018 |
URL | https://pactlab.gitlab.io/RF/workshops.htm |
Description | contribution to workshop: Future Directions in Cyber Crime Research |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | RISCS and the Home Office workshop to discuss future research priorities and evidence gaps in relation to cyber crime. The cyber crime research field has been growing over the past years and we are beginning to see more join-up across the disciplines in tackling important research questions. However, we still have some way to go in resolving key evidence gaps regarding: • the scale, costs and consequences of cyber crime; • profiles and pathways into offending; • victimisation and how to improve cyber security behaviours amongst public and businesses; and • effectiveness of interventions to prevent, deter and disrupt offending. Building further understanding of these areas is key for tackling cyber crime and meeting objectives set out in the National Cyber Security Strategy. In the context of exciting plans for the expansion of RISCS, and further potential funding opportunities, we would like to invite you to a workshop with policy makers, law enforcement and academic colleagues from a range of disciplines, to help identify key evidence gaps and research opportunities for the future. |
Year(s) Of Engagement Activity | 2017 |
Description | presentation to Symantec R&D |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | 1 hr presentation on cSALSA research to Symantec R&D in UK, Germany and USA. |
Year(s) Of Engagement Activity | 2019 |
Description | presentation to the Cyber Aware Industry Forum (27th February, 2018) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | At the invitation-only event, we bring together organisations with a shared interest in encouraging consumers and small business owners to be more cyber secure, and discuss how best all sectors can work together to respond to the cyber threat. A government led, industry forum with a focus on the theme of protecting our online identity. Cyber Aware presents the risks cyber crime poses to customer and employee online identities, insights into public perceptions in this area, and the steps being taken to tackle this threat. I gave an invited presentation, followed by a panel discussion chaired by Britain Thinks that explored how our online identity is evolving and the opportunities this presents to cyber criminals, and how we can educate the public on the importance of protecting their personal information online. |
Year(s) Of Engagement Activity | 2018 |