This page is historic. I am currently a senior research fellow at the Institute for the Study of Science, Technology and Innovation at the University of Edinburgh.
From 2006 - 2011, I was a post-doctoral research fellow here in the The Information Security Research Group in the Department of Computer Science at UCL, specialising in human aspects of information security.
I worked on a project called Trust Economics. This project was enhancing understanding of the attitudes and responses of employees to organisational security policies. This was a collaboration with researchers at the Universities of Bath, Aberdeen, and Newcastle, HP Labs, and a utilities sector partner. The project was modelling the behavioural consequences of policy interventions. This will enable systems designers, implementers, and managers to make choices to promote more effective security cultures.
The Trust Economics project was based around a number of case studies. Following an initial study of the impact of which might follow from a policy which enforces the encryption of USB memory sticks for transport of data between organisational sites and elsewhere, we have conducted a large diary-based study into the impacts of password use. We are currently investigating the economic implications of trust vs. assurance (or enforcement) in implementing security policies. There is also a study of the implications of enterprise-DRM.
In June 2009, we organised a very successful Workshop around the issues of Trust Economics, in conjunction with WEIS 2009
Previously, I worked on an EPSRC funded project in Grid security, Easy Expression of Authorisation Policies This is part of the PERMIS Project, an integrated infrastructure for Grid security.. The principal investigators on this project were David Chadwick at the University of Kent (PI) and Angela Sasse here in Computer Science at UCL (CoI). Through interviews with e-scientists with varying roles in different application areas, this project identified the complex security needs of Grid users and the terms they use to describe them. This understanding formed the basis for the design of an OWL ontology which can be expressed in controlled natural language and output as PERMIS XML or, potentially, XACML. This provides a controlled natural language enhancement to the existing PERMIS policy editor. The HCI interest is in understanding how this controlled natural language enables target users to express complete and accurate PERMIS authorizations policies, without requiring them to have a full understanding of the underlying access control model.
I completed my PhD studies here at UCL in June, 2007. My thesis investigated the relationships between public policy and lived experience in HCI, using case studies from e-government as applied to transport, with a focus on London. You can find my thesis "Public Policy, Technology and Lived Experience: Three Case Studies of Technology in Support of Urban Transport Policies in London" here. My supervisor was Angela Sasse and my second supervisor was Helen Margetts who is now at the Oxford Internet Institute and is an Honorary Senior Research Fellow at the UCL School of Public Policy.
Before that I did an MSc in New Media, Information and Society at the London School of Economics. I did my MSc. part-time while working for an Internet Service Provider, Direct Connection, which became part of Netscalibur, now part of Claranet.
Before that I worked with GreenNet, a collective dedicated to supporting NGOs, groups and individuals through the use of Information and Communication Technologies. Before GreenNet, I worked with Poptel, the Internet Cooperative. Before that I had a career in commercial computing.
My first degree was in Mathematics at the University of Exeter.