Search

Celebrating Experts in Human Aspects of Cyber Security: Professor Karen Renaud

It is 8th of March, the International Women's Day, and many websites suddenly remember that women as well as representatives of other underrepresented groups are doing cool work in different fields, posting lists and summaries. In contract to the convention, at CyberBitsEtc, we decided to provide an in-depth view on the life and achievement of 5 inspirational women throughout this week, not only giving you links to follow, but explaining why these women are awesome and why they do groundbreaking work (with references to their talks, books, and articles!).


I have not seen these women on any power lists, which, in my own personal view is really unfair. They are unsung heroes, who help us get one step closer to understanding behavioural aspects of cyber security. This is not a ranking of any kind and it is heavily skewed towards my personal interests in cyber security. However, these are scholars and practitioners, whose work I can recommend to read, follow and admire. Because these women are worth it! And they are worth it not because they are women, they are worth it because they are really best at what they do.


Today's spotlight is on Professor Karen Renaud!


Karen is a Scottish Computer Scientist, researcher and professor, working on all aspects of Human-Centred Security and Privacy. She is a national of South Africa and UK. Karen's first (Honours) degree was in Mathematics, Mathematical Statistics and Computer Science, which she completed at the University of Pretoria. For several years Karen worked in industry before taking a career break to start a family (Karen has 3 children so for those of you who think that you cannot make a star career together with raising a family - think again!). Karen completed her Masters degree on a part-time basis juggling parenting, studies as well as work at the University of South Africa. In 1997 Karen received the Association of Commonwealth Universities scholarship and went to the University of Glasgow to complete her PhD. After defending her PhD dissertation, Karen worked at the University of South Africa, the University of Glasgow, and Abertay University in Dundee. Currently, she holds a position at the University of Strathclyde. Apart from the Association of Commonwealth Universities, Karen's work and projects were funded by the Royal Society, the Royal Academy of Engineers, and the Fulbright Commission. She is also the recipient of many prizes and awards , including the Literati Award in 2020. Karen is associate editor for Transactions on Computer Forensics and Security, Information Technology and People, the International Journal of Human Computer Studies and the Journal of Intellectual Capital.


Even though you probably have not heard about Karen, you almost definitely implement some of her research ideas in your organisation or in your day-to-day life. Karen’s research is wide ranging, covering all aspects of human-centred security, but her most well-known work is probably in two areas: (1) understanding how people set up passwords and what mistakes and errors they make when they make decisions about passwords and (2) her work on cyber security and children.


What I admire about Karen's work is that she always looks at humans as a solution not humans as a problem in cybersecurity. I still remember the first Karen's paper I read - it was an amazing discourse into how people select weak passwords not because they lack desire to be secure, but because computer systems do not understand human psychology and limitation of our memory and, hence, these systems require us to unnecessarily clutter our memories with unrelated series of letters and numbers, which we are simply incapable of remembering. This as well as other Karen's research on passwords is nicely summarized in her recent Wall Street Journal highlight article "People Need an Incentive to Use Strong Passwords".


Karen is a great example of truly interdisciplinary scholar, who successfully combines computer science, cyber security and behavioural science (this last bit is something I am particularly excited about, as you can imagine!). Specifically, Karen's work uses behavioural science techniques to improve security behaviours and to encourage end-user privacy-preserving behaviours. Her ground breaking research harnesses methods and techniques from disciplines other than cyber security to understand and influence people outcomes and reach behavioural change.

Here is her brilliant inaugural professorial talk at the University of Abertay in 2018, which nicely showcases her brilliant work.



What should you read from Karen's research? I suggest you go to her webpage and carefully look at her long list of publications. Here are some more specific suggestions, many of which are available for free download through Karen's ResearchGate page:


Behavioural Security:

  • Wajdan Al Malwi, Karen Renaud, Lewis Mackenzie. Users’ Information Disclosure Determinants in Social Networking Sites – A Systematic Literature Review. 23rd International Conference on Privacy and Information Technology on May, 24-25, 2021 at Montreal, Canada.

  • Building better digital public spaces Information Security Chapter

  • Jacques Ophoff, Graham Johnson, Karen Renaud. Cognitive Function vs. Accessible Authentication: Insights from Dyslexia Research. Web4All. Slovenia. April 2021

  • Verena Zimmermann, Karen Renaud. The Nudge Puzzle: Matching Nudge Interventions to Cybersecurity Decisions. ACM Transactions on Computer-Human Interactions. 28(1). 2021 https://chi2021.acm.org.

  • Wajdan Al Malwi, Karen Renaud, Lewis Mackenzie. Users’ Information Disclosure Determinants in Social Networking Sites – A Systematic Literature Review. 23rd International Conference on Privacy and Information Technology on May, 24-25, 2021 at Montreal, Canada.

  • Karen Renaud. Your used USB drive might look empty, but it probably isn’t. Public Sector Executive. Nov/Dec 2020

  • Karen Renaud, Verena Zimmermann. How to Nudge in Cybersecurity. Network Security November 2020

  • Merrill Warkentin, Karen Renaud, Bob Otondo. A secure relationship with passwords means not being too attached to how you pick them. The Conversation. February 2019

  • Karen Renaud, Bob Otondo, Merrill Warkentin. “This is the way ‘I’ create my passwords” … does the endowment effect deter people from changing the way they create their passwords? Computers & Security Volume 82, May 2019, Pages 241-260. https://doi.org/10.1016/j.cose.2018.12.018

  • Nora Alkaldi and Renaud, Karen, Encouraging Password Manager Adoption by Meeting Adopter Self-Determination Needs (Extended Version) (October 2, 2018). Available at SSRN: https://ssrn.com/abstract=3259563

  • Karen Renaud, Verena Zimmerman. Nudging Folks Towards Stronger Password Choices: Providing Certainty is the Key. Behavioural Public Policy. Volume 3, Issue 2, 12 February 2018, pp. 228-258. DOI: https://doi.org/10.1017/bpp.2018.3 https://doi.org/10.1017/bpp.2018.3

  • Karen Renaud and Verena Zimmermann. Ethical Guidelines for Nudging in Information Security & Privacy. International Journal of Human Computer Studies. Volume 120, December, Pages 22-35 2018. https://doi.org/10.1016/j.ijhcs.2018.05.011

  • Karen Renaud & Merrill Warkentin. Risk Homeostasis in Information Security: Challenges in Confirming Existence and Verifying Impact. NSPW, Oct 2017, San Francisco, USA

Responsibilization:

  • Karen Renaud, Craig Orgeron, Merrill Warkentin, P. Edward French Cyber Security Responsibilization: An Evaluation of the Intervention Approaches Adopted by the Five Eyes Countries and China. Public Administration Review. To Appear

  • Karen Renaud, Stephen Flowerday, Merrill Warkentin, Craig Orgeron, William Cockshott. Is the Responsibilization of the Cyber Security Risk Reasonable and Judicious? Computers & Security. 78 (2018) 198–211. https://doi.org/10.1016/j.cose.2018.06.006 https://www.sciencedirect.com/science/article/pii/S0167404818303262

Children and Cyber:

  • Suzanne Prior and Karen Renaud. Age-Appropriate Password “Best Practice” Ontologies for Early Educators and Parents. To Appear in the International Journal of Child-Computer Interaction. https://doi.org/10.1016/j.ijcci.2020.100169. https://www.sciencedirect.com/science/article/abs/pii/S2212868920300040?via%3Dihub

  • Karen Renaud. A Strong Password Cannot Keep a Child Safe Online. Network Security. p20. January 2020.

Intellectual Capital:

  • Ivano Bongiovanni, Karen Renaud, George Cairns. Securing Intellectual Capital: An Exploratory Study in Australian Universities. Journal of Intellectual Capital. To Appear. 2020. https://doi.org/10.1108/JIC-08-2019-0197

  • Karen Renaud, Basie von Solms, Rossouw von Solms. How does Intellectual Capital Align with Cyber Security? Journal of Intellectual Capital. Vol. 20 No. 5, pp. 621-641. 2019. https://doi.org/10.1108/JIC-04-2019-0079

  • Ian Ferguson, Karen Renaud, Sara Wilford, Alastair Irons. PRECEPT: A FRAMEWORK FOR ETHICAL DIGITAL FORENSICS INVESTIGATIONS. Journal of Intellectual Capital. To Appear 2020 https://doi.org/10.1108/JIC-05-2019-0097

Paradigm Challenges:

  • Verena Zimmermann and Karen Renaud. Moving from a “Human-as-Problem” to a “Human-as-Solution” Cybersecurity Mindset. International Journal of Human Computer Studies. Volume 131, November 2019, Pages 169-187. Special Issue:50 Years of IJHCS. https://doi.org/10.1016/j.ijhcs.2019.05.005 https://authors.elsevier.com/a/1Zc2x3pfaRfSky