Add to collection(s) Add to saved
  1. Social Science
  2. Psychology
  3. Conformity

Survey - School of Computer Science

advertisement 
Study Main Script:
We will show here the main script for the study that includes the variables that will be changes
and randomized across participants in the sample. We will follow that with an example of
what a condition of the study may look like.
You are working on your laptop using $NetworkType. You are $transactiontype. You are
relying on a web browser to perform your task. The browser is already using SSL for the
session. To log in to the system and start your task, you will need to authenticate using
$PWStrength. The system will $AutoLogOff
The $Threat is a serious security concern. Please answer the following questions with
regards to mitigating this threat.
$NetworkType values:
1. Your employer’s network at your office
2. Public unencrypted Wi-Fi at a public area (restaurant, airport)
3. Your employer’s VPN that you connected to through public unencrypted Wi-Fi
4. Your employer’s VPN that you connected to through public encrypted Wi-Fi
$transactiontype values:
1. Accessing your email account and replying to confidential emails.
2. Performing a financial transaction using your credit card
$PWStrength
1. A password that is at least 8 characters long.
2. A password that is at least 16 characters and must include an uppercase and a
lowercase letter, a symbol, and a number digit.
$AutoLogOff
1. Automatically log you off the session after 15 minutes of inactivity
2. Never time-out
$Threat
1. Man-in-the-middle
2. Packet-sniffing
Q1: Overall, how would you assess the security of system in the scenario above?
- Adequate security measures that is enough to mitigate the threat
- Inadequate security measures that not enough to mitigate the threat
- Excessive security measures that exceeds the requirements to mitigate the threat
Q2: For each of the following security settings in the scenario above, please indicate their
level of security that influenced your answer for question 1.
The flowing is a definition of the legends used in the table:
- Excessive: The item describes an excessive measure for my security needs.
- Adequate: The item describes a measure that is enough for my security needs.
- Inadequate: The item describes a measure that is don’t meet my minimum-security
requirements
- - No Effect: This item had no effect on my decision regarding the overall system security
(for this question, we might decide to use a slider scale instead of the likert scale used, or we
might conduct the study with both to compare)
Excessive
Adequate
Inadequate
No effect
$NetworkType
$transactiontype
$Threat
$PWStrength
$AutoLogOff
Please list any comments for improvement that you may have.
(Repeat the first question to test if we primed them)
Q3: Overall, how would you assess the security of system in the scenario above?
- Adequate security measures that is enough to mitigate the threat
- Inadequate security measures that not enough to mitigate the threat
- Excessive security measures that exceeds the requirements to mitigate the threat
Example:
The following is an example of what a participant may see network type scenarios:
You are working on your laptop using your employer’s network at your office. You are
accessing your email account and replying to confidential emails.
You are relying on a web browser to perform your task. The browser is already using SSL
for the session. To log in to the system and start your task, you will need to authenticate
using a password that is at least 8 characters long. The system will never time out.
The man-in-the-middle attack is a serious security concern. Please answer the following
questions with regards to mitigating this threat.
Q1: Overall, how would you assess the security of system in the scenario above?
- Adequate security measures that is enough to mitigate the threat
- Inadequate security measures that not enough to mitigate the threat
- Excessive security measures that exceeds the requirements to mitigate the threat
Q2: For each of the following elements in the scenario above, please indicate their level of
security that influenced your answer for question 1.
The following is a definition of the legends used in the table:
- Excessive: The item describes an excessive measure for my security needs.
- Adequate: The item describes a measure that is enough for my security needs.
- Inadequate: The item describes a measure that is don’t meet my minimum-security
requirements
- - Inadequate: This item had no effect on my decision regarding the overall system
security
Excessive
Adequate
Inadequate
No Effect
employer’s network at your office
☐
☐
☐
☐
accessing your email account and
replying to confidential emails
Man-in-the-middle-attack
☐
☐
☐
☐
☐
☐
☐
☐
need to authenticate using a password
that is at least 8 characters long
The system will never time out
☐
☐
☐
☐
☐
☐
☐
☐
Please list any comments for improvement that you may have.
1. How would you describe your level of expertise in computer security?
(Check all that apply)
[ ] I understand how to configure file system permissions on my preferred operating
system for multiple users
[ ] I understand how to configure a firewall to close unnecessary ports and prevent
unwanted scanning
[ ] I understand how to setup PKI for personal or enterprise systems
[ ] None of the above
2. In Linux or Mac OS X, which of the following commands is used to change read
permissions for the owner of a file or directory:
( ) chmod
( ) chgrp
( ) chown
( ) chroot
3. In Linux or Mac OS X, the setgid flag for the group permission on a directory is used
to:
( ) Grant group members read and write access to the directory
( ) Propagate the group name to new files in the directory
( ) Set the user identifier for the owner of the directory
( ) Restrict permission to execute files in the directory to only group members
4. Companies allow their employees remote access to the network (e.g., they work
from home, travel, etc.). What is a company’s most important motivation for
requiring employees to use a VPN when remotely accessing the network?
( ) Guarantee encrypted traffic, which secures against the impact of running packet
sniffers (e.g. Wireshark, TCPDump, etc.)
( ) To secure the employee’s connection to the company’s internal servers (e.g. e-mail
server)
( ) To prevent opening a public port to the company’s private network
( ) To ensure data encryption throughout the whole session.
5. Which of the following is considered a good encryption algorithm for encrypting
files on your hard disk:
( ) SSL
( ) PGP
( ) SHA256
( ) MD5
( ) TLS
( ) AES
( ) DES
6. From the following list, choose the most secure algorithm for hashing:
( ) SSL
( ) PGP
( ) SHA256
( ) MD5
( ) TLS
( ) AES
7. Please Mark True or False:
T
F
The Diffie-Hillman key exchange protocol is not resistant to the Man-in-the-Middle attack
()
()
Opening a (* .exe) malware file from email attachments is equally harmful on MAC, Linux
and Windows platforms.
()
()
It is a good secure practice to use the setuid flag on directories in UNIX-based systems
()
()
8. Consider the following firewall rules (Linux)
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
Why would an administrator set these rules:
( ) To allow outgoing SSH secure connections.
( ) To allow incoming SSH secure connections.
( ) To allow both: outgoing and incoming SSH secure connections.
( ) To allow both: outgoing and incoming SSH secure connections but only to a specific
network.
Demographics
1. Please choose your preferred operating system for daily use:
( ) Microsoft Windows
( ) Mac OS X
( ) Linux. (Please specify distribution): _________________________________________________*
( ) Other. (Please specify): _________________________________________________*
2. What is your gender?
( ) Male
( ) Female
( ) Prefer not to say
3. What is your age group?
( ) 18-24
( ) 25-34
( ) 35-54
( ) 55+
4. Please indicate the source(s) of your security knowledge and background:
[ ] academic classes
[ ] job training
[ ] self-taught
[ ] other-please specify: _________________________________________________*
5. Which job role from the list below is closest to you:
please check all that applies
[ ] programmer
[ ] web application developer
[ ] systems developer
[ ] systems administrator
[ ] network administrator
[ ] security analyst
[ ] business analyst
[ ] software engineeer
[ ] professor
[ ] graduate student
[ ] undergraduate student
[ ] Other, technology related. (Please specify): _________________________________________________*
[ ] Other, non-technology related. (Please specify): ___________________________________________*
6. What is the highest degree of education that you have completed:
( ) Graduated high school or equivalent
( ) Some college, no degree
( ) Associate degree
( ) Bachelor's degree
( ) Masters graduate degree
( ) PhD degree
7. What is your annual household income:
( ) Less than $25,000
( ) $25,000 to $34,999
( ) $35,000 to $49,999
( ) $50,000 to $74,999
( ) $75,000 to $99,999
( ) $100,000 to $124,999
( ) $125,000 to $149,999
( ) $150,000 or more
30) Which country do you reside in?
Related documents
Stress Management - Dr. Fayose
Stress Management - Dr. Fayose
Presentation - WordPress.com
Presentation - WordPress.com
Message to Parents RE: Lockdown
Message to Parents RE: Lockdown
parent letter - concerns
parent letter - concerns
Colonel Jeff Cooper - Mount Adams Fish and Game Association
Colonel Jeff Cooper - Mount Adams Fish and Game Association
Porters Five Forces
Porters Five Forces
RUN
RUN
OCTAVE…
OCTAVE…
Single Officer Response to Active Threats
Single Officer Response to Active Threats
SMS - FltPlan.com
SMS - FltPlan.com
Download
advertisement