RAPID: Collaborative Research: Employees' Response to OPM Data Breaches: Decision Making in the Context of Anxiety and Fatigue

RAPID：协作研究：员工对 OPM 数据泄露的反应：焦虑和疲劳背景下的决策

• 批准号: 1651060
• 负责人: Raghav Rao
• 金额: $ 3.33万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-07-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1651060&HistoricalAwards=false
• 关键词: RAPID; Collaborative; Research; Employees; Response

Nontechnical DescriptionAccording to recent reports in the press, the Office of Personnel Management (OPM) was hit hard in two recent cyber-attacks (OPM 2015). In April 2015, OPM discovered that personal data (e.g., Social Security Numbers, full name, and birth date) of 4.2 million current and former Federal government employees had been stolen (referred to as personnel records incident hereafter). Later in June 2015, OPM discovered that around 21.5 million employees - current and former Federal employees and contractors - were affected as their personal information such as Social Security Numbers, fingerprints, and background investigation records were compromised (referred to as background investigation records incident hereafter). Unlike other information, sensitive data such as the background investigation records, which include personal histories, relationships, and biometrics, reveal employees' personal lives are difficult to be re-issued. Typical protection such as a few months of credit monitoring may be insufficient in protecting victims from determined attackers. To date, little is known about how and why people decide and act in the aftermath of breaches involving their personal data. In particular, the role of data breach fatigue, manifested by insensitivity to data breaches and low estimate of fraud loss, in affecting people's decisions and actions is unknown. The existing research has also been silent on employees' decision making and reactions in response to data breaches. To fill this research gap, in this proposal, we plan to conduct a study that reveals the key decision factors, response actions, and the potential effect of data breach fatigue in the context of anxiety over the possible outcomes of the breach. Findings of the study will help in understanding employee reactions towards data breaches. New knowledge will help industry and policy makers develop intervention strategies that avert the effect of breach fatigueTechnical DescriptionThis proposal will explore the crucial issues that influence employees' responses in the context of the recent two OPM data breach incidents. This proposed research will compare these two different incidents and their impacts on different types of victims, employees who receive notification of the personnel records incident (now), employees who receive notification of both incidents (future), and employees who only receive notification of the background investigation records incident (future). We will also survey employees who have not received any notification, as a control group. In addition to self-reported data through surveys, we shall extend this study by capturing organic Twitter messages related to the two breach incidents in the respective time periods in 2015 to study how people coped with breach incidents. Utilizing natural language processing, we intend to (1) explore patterns of discourses associated with the data breach fatigue, (2) extract coping mechanisms from the discourses, and (3) compare coping mechanisms of employees, identified from the survey and those derived from the data mining.

对新闻报道的最新报道的非技术描述，人事管理办公室（OPM）在最近的两个网络攻击中受到了严重打击（OPM 2015）。 2015年4月，OPM发现420万当前和前联邦政府雇员的个人数据（例如社会保险号，全名和出生日期）被盗（称为以下事件的人事记录）。 2015年6月下旬，OPM发现，由于其个人信息，例如社会保险号，指纹和背景调查记录，大约有2150万名员工（现任和前联邦雇员和承包商）受到影响（称为后背景调查记录）。与其他信息不同，包括个人历史，人际关系和生物识别技术在内的敏感数据，例如背景调查记录，揭示了员工的个人生活很难重新发行。典型的保护（例如几个月的信用监控）可能不足以保护受害者免受确定的攻击者的侵害。 迄今为止，人们对人们如何以及为何在涉及其个人数据的违规后做出决定和行动知之甚少。特别是，数据泄露疲劳的作用是由于对数据泄露的不敏感和对欺诈损失的低估计而表现出来的，在影响人们的决策和行动中尚不清楚。现有的研究还对员工对数据泄露的决策和反应保持沉默。为了填补这一研究差距，我们计划进行一项研究，以揭示在焦虑对违规可能结果的焦虑中，数据泄露疲劳的潜在影响。该研究的结果将有助于理解员工对数据泄露的反应。新知识将帮助行业和政策制定者制定干预策略，以避免违规疲劳技术描述的影响，该提案将探讨在最近的两起OPM数据泄露事件的背景下影响员工反应的关键问题。这项拟议的研究将比较这两个不同的事件及其对不同类型的受害者的影响，收到人事记录事件通知的员工（现在），收到这两种事件通知（未来）的员工以及仅收到背景调查记录事件通知的员工（未来）。我们还将调查尚未收到任何通知的员工，作为对照组。除了通过调查进行自我报告的数据外，我们还将通过捕获与2015年相应时间段的两次违规事件相关的有机Twitter消息来扩展这项研究，以研究人们如何应对违规事件。利用自然语言处理，我们打算（1）探索与数据泄露疲劳相关的话语模式，（2）从话语中提取应对机制，以及（3）比较从调查和数据挖掘中得出的员工的应对机制。