Information and Data Security

Contextual Research

My Role

Research Lead

What I Did

Affinitization

Interviews

Type

Group Project 

Duration

10 Weeks

Contextual Research

Secondary Research

BRIEF

Contextual research is gathering quantitative and qualitative data on people in their everyday environment (such as school, at home or work). As contextual researchers, we observe how they feel and complete an activity and then gather big and thick data based on our observations. Observations, interviews, and sensory cues all help us have a better understanding of the user and what they want, based on how they feel when they interact with their electronic devices on a daily basis.

Our team spent 10 weeks researching what the Ideal Experience of Information and Data Security should be like. In todays world people don’t know who they can trust and if their personal information is being taken or used without their knowledge. To gather data my team interviewed 15 users, 3 experts, deployed a cultural probe with over 60 participants, and a sensory cue kit with 10 participants

The Team:

Research Plan:

In this project, our team utilized methods of contextual research to analyze Information and Data Security. Over these 10 weeks some methods we utilized were Observation, Secondary Research, Stakeholder maps, Interviews, Cultural Probes, Sensory Cue, Affinitizing, and How Might We questions.

Observation:

In contextual research, the first step is observation. Observations are completely non-bias and non-judgemental. This is used to see how people act in a real-life context while using the product being researched.

Our team completed 12 hours of observations. Over the 12 hours, we observed and covered 9 different locations. Some of our key observations were the number of people that used public wi-fi, what tasks people were completing in public settings, and how comfortable people seemed with sharing their information.

Our team found that this method was not the most effective method for gathering large sums of data.

Screenshot of Observation Document

Secondary Research:

Secondary research helps gather prior knowledge to have a better understanding of the topic. This can be done by completing a SWOT Analysis, a Popular Media Search, an Eras Map, and other research methods.

For our secondary research, we watched a Netflix film, The Great Hack by Lawrence Chadbourne, and other short videos about information and data security which helped our team have a deeper understanding of how valuable and important data is in our society. We organized all our data in a Excel spreadsheet to show the topic the source was relevant too, the link we found it at with citations, and a short summary. 

Screenshot of Secondary Research Document

Stakeholder Map:

Stakeholder mapping is a visual strategy used for identifying 

 

 

Interviews:

Our team conducted 3 expert interviews in various fields relating to Information and Data Security. Before conducting these interviewed we develop a guide of questions that we wanted to ask. In this guide there and six different kinds of questions. First there are closed and open ended questions. Then there are brain-based, heart-based, problem oriented questions, and future based questions. Using all of these kinds of questions allows us to gather more in-depth data. 

Expert Interview : Ricardo Irizarry

Ricardo graduated from the Gallatin School of Individualized Study at NYU in 2018, concentrating in Philosophy, Politics, and Economics and minoring in Psychology. He has put years of effort and research in simplifying cybersecurity for the average user and created a proof-of-concept of a viable, user-friendly solution for online security and anonymity called Ghost smart-router. Ricardo has designed Ghost to cater to the current and future needs of internet users globally with privacy and security at its core.

“The ideal secure data environment would be one where the data has been taken offline and put on a system that is air-gapped, where there is no internet connection nor has it ever been connected to the Internet, and that would be the ideal security.”

“To assume the identity of a person, you don't necessarily need to know the security questions or password you just need to be able to hack the email that you know that bank account uses. You hit change password button, you already have access to the email. When the email arrives you hit the link you change the password done bank account hacked.”

Expert Interview : Scott Welcome

Scott is an IT Director at Wellpath. He has worked in the field of technology for 25 plus years. His prior experience included owning and managing his own computer store, serving 6 years as a C.T.O and managing partner at TCI (cable and internet provided with over 100 properties). At Wellpath he oversees the security and network operations of, jails and prisons, local detentions, and civil hospitals.

“However, it can happen where hackers get through so that's where making sure that your users are trained well enough to know when they see something to not do it or click it or things like that”

“Society might improve their data security by stop going on social media and telling everybody where they're at every minute of the day. I would say being smart about what you do online, and just really paying attention”

“Make sure you have a separate email just for your crap that you register and things to, and just delete it all don't even look at it, and then you know, have one for your family. I've got God knows how many email accounts. When you see things that look odd, even if it comes from somebody you know, call them, ask them, don't just click it.“

Expert Interview : Josh Prowant

​Josh is a multi-disciplined technologist with experience in various ​Digital Forensics and Incident Response (DFIR)​ roles. ​As a Cyber Security Engineer at PNC, he focuses on reverse engineering malware, threat research, and application support and automation.

“Our company has physical security and multiple authentication methods such as badges and tokens. Employees are asked challenging questions when attempting to access sensitive information. When customers try to access the information they have multiple levels of authentication to make sure they are who they say they are. Our company also educates customers by providing resources for fraud activity so they are more aware.”

“To steal someone's identity, hackers need passwords and a little bit of public information about them. This includes the city they last lived in, spouse’s last name and other information that would be needed to answer stock questions. Hackers use open-source intelligence and some social engineering to gain this information.”

Cultural Probes: