A matter of time: exploring survival analysis through cybersecurity

Despite the impact of employee behavior on organizational security, the topic of cybersecurity historically remains the responsibility of Information Security Management researchers and Information Technology professionals. However, the exponential increase in the prevalence and repercussions of cyber-related incidents invites collaboration between the fields of I-O Psychology and cybersecurity. The proposed presentation discusses the potential for I-O Psychology to contribute to cybersecurity efforts while demonstrating the fundamentals and applicability of survival analysis

How to get a job: deception in the applicant advice industry

The performance of applicants in a job interview is a well-studied topic within I-O psychology, yet less attention has been given to applicant preparation throughout the hiring process. While professional interview coaching has been rigorously tested, the surfeit of freely-available information circulating the internet has yet to be examined for content accuracy and integrity. In an attempt to highlight this industry under-examined by researchers, the current study proposes an investigation of online materials aimed at job applicants. Particularly, the proposed study aims to determine the sources of advice materials and whether they promote applicant deception during the job interview. Using a team of trained undergraduate coders, the proposed study will systematically categorize and analyze all articles available through Google from March 2017 to March 2019. Articles will be coded according to their primary topic of advice (i.e., ideal attire, charismatic nonverbal behavior, or commonly-asked interview questions), the source of the information (i.e., professional publication, mainstream news outlet, non-professional publication), and the overall goal of the article. As the proposed study aims to determine whether the online advice industry attempts to enable applicants to promote themselves beyond their abilities—potentially compromising the integrity of the job interview—each article is labeled along a continuum of deception, from purely-descriptive Informational materials to more prescriptive Image Maintenance and Image Creation materials. Classification in this manner will provide a systematic overview of the content and motive of recent advice materials, informing I-O researchers and practitioners of the potential influence of this industry. Preliminary results from April 2017 point to a prevalence of descriptive Informational materials and somewhat-prescriptive Image Maintenance materials, with deception-tolerant Image Creation appearing less frequently. Materials focused on appropriate answers for popular interview questions (50% of articles), do’s and don’ts for leveraging social media in the hiring process (12% of articles), and the Knowledge, Skills, and Abilities contributing to successful job interviews (11% of articles). Mainstream news outlets emerged as the second-largest source of advice materials, publishing one-third of coded articles. Initial results suggest the promotion of mild impression management by the advice industry through self-enhancing techniques provided in Image Maintenance materials. Fully categorizing recent advice materials will enable more thorough examination and comparison of online advice materials to research-supported interview techniques. In the absence of other research on this industry, completion of the proposed study will enhance I-O understanding of the magnitude and nature of these materials’ impact

Survival of the safest: examining organization risk factors for cybersecurity incidents

[Invited adaptation from presentation proposal, A Matter of Time: Exploring Survival Analysis Through Cybersecurity] Given that employees pose a large threat to organizational cybersecurity, much research attention has been directed to identifying individual risk factors for cybersecurity noncompliance and misbehavior at the cost of examining broad organizational risk factors. However, no study to date has formally examined how the risk of organizational cybersecurity incident changes over time, or how organizational characteristics affect this risk. The proposed study aims to conduct a survival analysis (SA) of cybersecurity events across the past decade, examining broad factors that impact the changing probability of cyberincidents. In particular, the proposed study will examine associations between cyberbreaches and industry type, annual revenue, and the sensitivity of information handled in the organization. While other studies have examined organization-wide risk factors, none have done so in a longitudinal analysis such as SA. The proposed study emphasizes the necessity of examining changes in risk across time due to the abundant evidence that cybersecurity incidents are increasing in both frequency and severity. Previously-employed methods such as odds ratios fail to account for the time-based component needed for properly analyzing the continuously-changing threat of cyberattacks. To analyze the impact of organizational factors on the risk of cyberincident, the proposed study will record security breaches (or lack thereof) for organizations listed in the top Fortune 1000 from 2005 to 2019, using publically-available data on over 9,000 cyberincidents recorded by Privacy Rights Clearinghouse. Event data will be examined in R, and organizational factors will be examined for covariance with the risk of cyberincident. Preliminary results from 2004 Fortune 500 companies indicate significant associations between cyberincident risk and both industry type and annual revenue. By utilizing Survival Analysis, the proposed study will provide an enhanced, time-based view on the past prevalence of cybersecurity incidents and the organizational factors associated with increased risk. Emphasis of these factors serves to alert organizations of their unique vulnerabilities, inspiring increased attention to the subject of security