Empirical Research Methods in Usable Privacy and Security

Researchers in the usable privacy and security (UPS) field study privacy- and security-relevant perceptions and behaviors and aim to design systems that simul- taneously address requirements for usability/user experience, security, and privacy. Human-computer interaction (HCI) and social science research methods are well-suited to study many of the types of questions that are relevant in UPS, which often involve concepts such as subjective experience, attitudes, understanding, behavior and behavior change. However, there are many challenges specific to UPS that are not usually described in more generic methods textbooks. We highlight techniques for risk representation, options for participant recruitment, ethics-related topics in study design, and biases that may play a role in UPS studies with human participants

Impact of pre-hospital handling and initial time to cranial computed tomography on outcome in aneurysmal subarachnoid hemorrhage patients with out-of-hospital sudden cardiac arrest—a retrospective bi-centric study

BackgroundAneurysmal subarachnoid hemorrhage (SAH) presents occasionally with cardiac arrest (CA). The impact of pre-hospital and emergency room (ER) treatment on outcome remains unclear. Therefore, we investigated the impact of pre-hospital treatment, focusing on lay cardiopulmonary resuscitation (CPR), and ER handling on the outcome of SAH patients with out-of-hospital CA (OHCA).MethodsIn this bi-centric retrospective analysis, we reviewed SAH databases for OHCA and CPR from January 2011 to June 2021. Patients were analyzed for general clinical and epidemiological parameters. CPR data were obtained from ambulance reports and information on ER handling from the medical records. Data were correlated with patient survival at hospital discharge as a predefined outcome parameter.ResultsOf 1,120 patients with SAH, 45 (4.0%) were identified with OHCA and CPR, 38 of whom provided all required information and were included in this study. Time to resuscitation was significantly shorter with lay resuscitation (5.3 ± 5.2 min vs. 0.3 ± 1.2 min, p = 0.003). Nineteen patients were not initially scheduled for cranial computed tomography (CCT), resulting in a significantly longer time interval to first CCT (mean ± SD: 154 ± 217 min vs. 40 ± 23 min; p < 0.001). Overall survival to discharge was 31.6%. Pre-hospital lay CPR was not associated with higher survival (p = 0.632). However, we observed a shorter time to first CCT in surviving patients (p = 0.065)ConclusionsOHCA in SAH patients is not uncommon. Besides high-quality CPR, time to diagnosis of SAH appears to play an important role. We therefore recommend considering CCT diagnostics as part of the diagnostic algorithm in patients with OHCA

A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research

Usable privacy and security researchers have developed a variety of approaches to represent risk to research participants. To understand how these approaches are used and when each might be most appropriate, we conducted a systematic literature review of methods used in security and privacy studies with human participants. From a sample of 633 papers published at five top conferences between 2014 and 2018 that included keywords related to both security/privacy and usability, we systematically selected and analyzed 284 full-length papers that included human subjects studies. Our analysis focused on study methods; risk representation; the use of prototypes, scenarios, and educational intervention; the use of deception to simulate risk; and types of participants. We discuss benefits and shortcomings of the methods, and identify key methodological, ethical, and research challenges when representing and assessing security and privacy risk. We also provide guidelines for the reporting of user studies in security and privacy

A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research

Usable privacy and security researchers have developed a variety of approaches to represent risk to research participants. To understand how these approaches are used and when each might be most appropriate, we conducted a systematic literature review of methods used in security and privacy studies with human participants. From a sample of 633 papers published at five top conferences between 2014 and 2018 that included keywords related to both security/privacy and usability, we systematically selected and analyzed 284 full-length papers that included human subjects studies. Our analysis focused on study methods; risk representation; the use of prototypes, scenarios, and educational intervention; the use of deception to simulate risk; and types of participants. We discuss benefits and shortcomings of the methods, and identify key methodological, ethical, and research challenges when representing and assessing security and privacy risk. We also provide guidelines for the reporting of user studies in security and privacy