Project Pages
https://csrc.nist.gov/projects/scap-validation-program/validated-products-and-modules/141-threat-guard-scap-1-2-product-validation-recor
Validation Number: 141 Vendor: ThreatGuard Product Name: Secutor Compliance Automation Toolkit (S-CAT) Product Major Version: 5 Product Version Tested: 5.1.3.11 Tested Platforms: Microsoft Windows XP Professional, SP3, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows 7, SP1, 32 bit Microsoft Windows 7, SP1 64 bit Microsoft Windows 8.1, 32 bit Microsoft Windows 8.1, 64 bit Microsoft Windows Server 2012, 64 bit Red Hat Enterprise Linux 5, 32 bit Red Hat Enterprise Linux 5, 64...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/about/our-team
Kerrianne Buchanan is a Social Scientist in the Visualization and Usability Group at the National Institute of Standards and Technology (NIST). She works on projects seeking to improve human-system interaction by leveraging her background in cognitive and social psychology. Currently she conducts research to support NIST’s Public Safety Communications Research (PSCR) and Human-Centered Cybersecurity programs. She has a master’s degree in Applied Cognition in Neuroscience and a Ph.D. in Psychological Sciences from the University of Texas at Dallas. Yee-Yin Choong is a Human Factors...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/authentication
Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions. Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords. Publications Digital Identity Guidelines...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/cryptography
Although cryptography is an essential component of modern computing, implementing cryptography correctly is a non-trivial undertaking, often resulting in developers making errors and introducing vulnerabilities into their cryptographic products. Our cryptographic research is concerned with creating a baseline understanding of the practices and challenges of organizations that are developing products that use cryptography. This new understanding can help improve the assurance of cryptographic tools and the usability of cryptographic resources, such as standards and libraries. Publications...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/cybersecurity-adoption
People and organizations often fail to adopt and effectively use cybersecurity best practices and technologies for a variety of reasons, including poor awareness, lack of knowledge/skill, and personal biases. Those professionals tasked with educating others may likewise face a number of challenges, including lack of resources, support, and skills needed to be effective security communicators. We conduct research to better understand the approaches and challenges with cybersecurity awareness and role-based training through the eyes of training professionals within the U.S. government. In the...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/internet-of-things
Internet of Things (IoT) technology is becoming more pervasive in the home environment. These technologies are increasingly used by non-technical users who have little understanding of the technologies or awareness of the security and privacy implications of use. We conduct research to help improve consumers' security and privacy experiences and outcomes when using IoT, with a specific focus on smart home devices. Our work in this area informed the human-centered label and consumer education considerations in IoT cybersecurity criteria for a consumer labeling program in response to NIST's...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/phishing
Phishing continues to be an escalating cyber threat facing organizations of all types and sizes, including industry, academia, and government. Our team performs research to understand phishing within an operational (real-world) context by examining user behaviors during phishing awareness training exercises. Our projects provide insights into users’ rationale and role in early detection, and how these might be scaffolded with technological solutions. Recent efforts have focused on the NIST Phish Scale, a method for rating the human detection difficulty of phishing emails considering both the...
Project Pages
https://csrc.nist.gov/projects/human-centered-cybersecurity/research-areas/privacy
We conduct research with an end goal of improving the usability of privacy mechanisms so that people are better able to protect their sensitive information online. Privacy is often integrated into our other research areas (also see Internet of Things, User Perceptions & Behaviors, Youth Security & Privacy). Publications Differential Privacy Videos What is differential privacy? (2018) Privacy Behaviors and Events Papers Non-breach Privacy Events - Simson L Garfinkel & Mary Theofanos. IEEE Security & Privacy (2018) Preserving Privacy – More Than Reading a Message -...
