5 years ago

April 10, 2011 Salzburg, Austria - WOMBAT project

April 10, 2011 Salzburg, Austria - WOMBAT project

Study on Information

Study on Information Security and e-Trust in Spanish households Pablo Perez San-José Information Security Observatory INTECO (National Institute of Communication Technologies) Av. José Aguado 41 - E-24001 León (Spain) ABSTRACT The study on Information Security and e-Trust in Spanish households has been conducted by INTECO – The National Institute of Communication Technologies ( – through the Information Security Observatory ( It is a study on the incidence and trust of users in the Internet by means of measuring the frequency of the episodes of individual risk in a wide sample of users that are monitored online on a monthly basis, combining quantitative data of incidences (monthly scans of home computers) and qualitative perception data (quarterly surveys). The study is supplied with data from more than 3,000 households with Internet connection, spread across the whole country. For the first time, it allows an evolutionary comparison of the situation regarding security, trust and the level of security incidents in the households of Spanish Internet users. In addition, it shows the habits that affect security on the Internet: security equipment at the households, the measures users take before and after incidents and the perception regarding security on the Internet in Spanish households. It also shows the increasing need of users to force Public Administrations “to make the Internet a safe place”. Categories and Subject Descriptors A.1 [General Literature]: Introductory and survey General Terms Measurement, Documentation, Security, Human Factors. Keywords Study, e-Trust, Spain, Indicators, 1. OBJECTIVES The general objective of this Study is to assess the security, trust and security level incidents in Spanish Internet user households. All this with the aim of promoting the knowledge and monitoring the main indicators and public policies related to Information Security and e-Trust. This assessment is carried out with a temporal perspective, with the aim of supporting and generating proposals with the aim of the Government making decisions to reduce the possible limitations and obstacles related to the security and trust of the users of the Net that affect the development of the Information Society in Spain. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Badgers'11, 10-APR-2011, Salzburg, Austria Copyright 2011 ACM /11/04…$10.00. 1 Susana de la Fuente Rodriguez Information Security Observatory INTECO (National Institute of Communication Technologies) Av. José Aguado 41 - E-24001 León (Spain) 1.1 Security Habits - Know the intentions for adopting the progresses regarding security in Internet in the near future. - Study the general demands of Internet users, households and citizens, for the better development of a secure and trustworthy Information Society. - To find out how habits of Internet use are developing and their possible influence on security risks. 1.2 Security and Vulnerability Incidents - Determine the level of the general impact of the risks of malware: computer viruses, Trojan horses, worms, spyware, etc. - Catalogue the most frequent types of malware, their capacity for spreading and their seriousness. - Itemize the differential exposure to risks per age group, level of training, experience as an Internet user, income, and other sociologically relevant variables. 1.3 Perception of Security - Obtain the general perception of the risk in view of computer viruses, threats to privacy and the security of payments, amongst others, as well as their evolution in time. - Determine the level of electronic trust from the users’ point of view. 1.4 System of Indicators - To establish a complete and consistent system of indicators to enable monitoring of the evolution of security on the Internet in access from households. - To understand the situation regarding Incidents and e-Trust of various groups and social strata, as well as the temporal trends of this situation. 2. METHODOLOGICAL DESIGN With a view to reach the objectives explained, strict incidence measures have been combined with subjective ones of security perception and trust in the Net. The aim is to establish a solid base on which information about the changes in the level of security and trust in Spanish homes can be gathered. This requires obtaining solid data about a sample that will provide longitudinal information, i.e., it is necessary to collect data about the homes and users at different moments of time. The methodology that best fulfils these criteria is the Dedicated online panel.

INTECO has developed an innovative methodology for its household Panel. It is made up of more than 3,000 households from around the country that have an Internet connection from which information is extracted from two sources: - On the one hand, the real level of security is analyzed with software that analyses the security incidents in home computers. This computer program, iScan – developed by INTECO –, is given to the panelists for them to install it on their computers. This software monthly scans the panelists' computers, detecting all malware present in them and also gathers data on the operating system and the state of its upto-dateness. The software sends this information to INTECO, who treats it completely anonymously and as a whole. The panelists are informed that they will not receive any information on their security incidents, even though the incidents may be dangerous for their computers, as the interest for knowing the general situation as reliably as possible prevails over warnings for solving individual problems. The panelists are duly informed of this situation and accept to participate under these conditions. - On the other hand, the perception and level of trust of domestic users will be analyzed by means of personal surveys. The panelists will answer a quarterly survey on their perception of security and their practices and behaviour on the Net. This allows analyzing and contrasting two parallel sources of information in the computer security area, which provides a great comparative advantage: it is possible to know the differences existing between the perception of security and the real situation of the panelists. In addition, this methodology also allows monitoring the following aspects through time: - The real security level. - The changes in perspective, opinions and habits, regarding security, undergone by users. In general, the gathering of information will be carried out according to the following plan: - Recruitment of the dedicated panel, by means of e-mail invitations. - Information on the type of collaboration required, incentive system and confidentiality conditions. - Invitation to scan the panelist’s computer that has access to the analysis program by a personalized identifier, in order to control participation and merge the data from the survey. - Quota control according to the sample design indicated in the “Sample size and distribution”. - Each wave of the Study represents a complete quarterly scanning and survey cycle. It allows for an evolutive comparison of the situation of Security and e-Trust. 2.1 Data sheet 2.1.1 Scope Spanish Internet users that have frequent access to the Internet from their homes and that are older than 15 years. To delimit the concept of user with more precision, we limit ourselves to users 2 that connect to the Internet at least once a month from their homes. 2.1.2 Sample size and distribution A representative sample of more than 3,000 Internet users (3,538 in the 14th wave of the Study, covering the 3rd quarter 2010), with a stable participation in the Panel has been extracted. This participation has been considered valid only in the cases in which the panelist had correctly completed the quarterly survey and correctly carried out a scan of her/his computer in, at least, two of the three months of each wave. The sample has been fixed according to a multistage model: - Stratification by regions, in order to guarantee a minimum set of subjects in each of these entities. - Sampling by quotas of home size, age, gender, work activity and size of habitat. Table 1. Sample distribution by sociodemographic categories (%) Activity Concept Sample obtained (14 th wave, julsep’2010) Theoretical sample Employed 53.8 71.7 Unemployed 18.2 4.6 Studying 17.3 16.1 Retired 5.9 3.0 Other non-workers 4.7 4.6 Size of the household 1 7.9 3.2 2 25.3 15.4 3 30.9 28.7 4 and more 35.9 52.7 Gender Male 52.5 53.7 Female 47.5 46.3 Age Up to 24 21.8 n.a. 25-34 28.2 n.a. 35-44 24.2 n.a. 45-54 15.9 n.a. 55 and more 9.8 n.a. Although the differences between the obtained sample and the theoretical one have been small, the sample has been adjusted to the scope, based on the data of the population by region, for the previously described scope and the quota variables, in order to reach a more perfect adjustment. In Table 1, we can see the sample distribution, according to demographical variables used to establish the said quotas.

D06 (D3.1) Infrastructure Design - WOMBAT project
6-9 December 2012, Salzburg, Austria Social Programme
Communication Plan for EGU 2011 April 3-8, 2011, Vienna, Austria
ECCMID meeting Vienna, Austria 10-13 April 2010 - European ...
8th Liquid Matter Conference September 6-10, 2011 Wien, Austria ...
8th Liquid Matter Conference September 6-10, 2011 Wien, Austria ...
April 10, 2011 - University of Cambridge
Top 10 Project Management Trends for 2011 from ESI International