Ecological validity in studies of security and human behaviour
I gave a keynote talk this week at the ISSNet workshop on “Ecological validity in studies of security and human behaviour” Here is the Abstract…
It is becoming increasingly clear that studies of the effectiveness of information security solutions must take into account the human factor — the behaviour of the users of the systems. Conducting research on human behaviour is hard, however, and it is often difficult to witness authentic behaviour in a laboratory environment. Ecological validity refers to the extent to which the results of a test or experiment can be applied to the real-life of the people being studied. Using a series of case studies from research on security-related behaviours, Dr. Patrick will lead a discussion about the nature of validity in research, the issues surrounding ecological validity, and research techniques that can be used to increase the validity of security studies.
And here are the slides with notes PDF (5.7 MB).