Jeffrey Gainer Proudfoot

Establishing a foundation for automated human credibility screening

Automated human credibility screening is an emerging research area that has potential for high impact in fields as diverse as homeland security and accounting fraud detection. Systems that conduct interviews and make credibility judgments can provide objectivity, improved accuracy, and greater reliability to credibility assessment practices, need to be built. This study establishes a foundation for developing automated systems for human credibility screening.

Saving face on Facebook: privacy concerns, social benefits, and impression management

ABSTRACT The nearly ubiquitous use of online social networks generally entails substantial personal disclosure and elicits significant privacy concerns. This research uses Social Exchange Theory and the impression management (IM) literature to examine how privacy concerns can be counterbalanced by the perceived social benefits afforded by a social network’s ability to support IM. We frame social network use as an attempt to engage in IM, and we highlight the importance of a social network’s IM affordances in predicting social benefits from, and disclosure through, a social network. We test our model with a sample of 244 Facebook users, finding support for the proposed relationships and yielding the following contributions. First, this research provides a novel positioning of perceived IM affordances as a primary driver of both perceived social benefits and IM disclosure propensity. Second, this research illuminates that trust in both the social network provider and social network peers influences privacy concerns, social benefits, and perceived IM affordances. Our theory has important implications for researchers and practitioners interested in privacy issues within social networks.

Robustness of Multiple Indicators in Automated Screening Systems for Deception Detection

Abstract This study investigates the effectiveness of an automatic system for detection of deception by individuals with the use of multiple indicators of such potential deception. Deception detection research in the information systems discipline has postulated increased accuracy through a new class of screening systems that automatically conduct interviews and track multiple indicators of deception simultaneously. Understanding the robustness of this new class of systems and the limitations of its theoretical improved performance is important for refinement of the conceptual design. The design science proof-of-concept study presented here implemented and evaluated the robustness of these systems for automated screening for deception detection. A large experiment was used to evaluate the effectiveness of a constructed multiple-indicator system, both under normal conditions and with the presence of common types of countermeasures (mental and physical). The results shed light on the relative strength and robustness of various types of deception indicators within this new context. The findings further suggest the possibility of increased accuracy through the measurement of multiple indicators if classification algorithms can compensate for human attempts to counter effectiveness.

Organizational information security policies: a review and research framework

A major stream of research within the field of information systems security examines the use of organizational policies that specify how users of information and technology resources should behave in order to prevent, detect, and respond to security incidents. However, this growing (and at times, conflicting) body of research has made it challenging for researchers and practitioners to comprehend the current state of knowledge on the formation, implementation, and effectiveness of security policies in organizations. Accordingly, the purpose of this paper is to synthesize what we know and what remains to be learned about organizational information security policies, with an eye toward a holistic understanding of this research stream and the identification of promising paths for future study. We review 114 influential security policy-related journal articles and identify five core relationships examined in the literature. Based on these relationships, we outline a research framework that synthesizes the construct linkages within the current literature. Building on our analysis of these results, we identify a series of gaps and draw on additional theoretical perspectives to propose a revised framework that can be used as a basis for future research.

More Than Meets the Eye: How Oculometric Behaviors Evolve Over the Course of Automated Deception Detection Interactions

Abstract Eye-tracking technology has exhibited promise for identifying deception in automated screening systems. Prior deception research using eye trackers has focused on the detection and interpretation of brief oculometric variations in response to stimuli (e.g., specific images or interview questions). However, more research is needed to understand how variations in oculometric behaviors evolve over the course of an interaction with a deception detection system. Using latent growth curve modeling, we tested hypotheses explaining how two oculometric behaviors—pupil dilation and eye-gaze fixation patterns—evolve over the course of a system interaction for three groups of participants: deceivers who see relevant stimuli (i.e., stimuli pertinent to their deception), deceivers who do not see relevant stimuli, and truth-tellers. The results indicate that the oculometric indicators of deceivers evolve differently over the course of an interaction, and that these trends are indicative of deception regardless of whether relevant stimuli are shown.

The Security Expertise Assessment Measure (SEAM)

Hackers pose a continuous and unrelenting threat. Industry and academic researchers alike can benefit from a greater understanding of how hackers engage in criminal behavior. A limiting factor of hacker research is the inability to verify that self-proclaimed hackers participating in research actually possess their purported knowledge and skills. This paper develops and validates a conceptual-expertise-based tool that we call SEAM that can be used to discriminate between novice and expert hackers. This tool has the potential to provide information systems researchers with the following two key capabilities: (1) maximizing the generalizability of hacking research by verifying the legitimacy of hackers involved in data collections, and (2) segmenting samples of hackers into different groups based on skill thereby allowing more granular analyses and insights. This paper reports on samples from four different groups: security experts, students, security workers, and Amazon Mechanical Turk hackers. SEAM was able to differentiate between security expertise in different populations (e.g., experts and student novices). We also provide norm development by measuring security workers and Amazon Mechanical Turk hackers.

Evaluating the Feasibility of Using Noncontact Sensors to Conduct a Targetless Concealed Information Test

The standard Concealed Information Test (CIT) requires the use of target items to elicit physiological response differences between those concealing information and those naïve to target items. Interpersonal Deception Theory contends that deceivers often exhibit both strategic and nonstrategic behaviors in an attempt to appear truthful. This paper proposes a study designed to ascertain the feasibility of using noncontact sensors to conduct a target less CIT to elicit cues of strategic and nonstrategic behaviors indicative of concealed knowledge and deception. The ability to implement a CIT without target items increases the feasibility of CIT use in a number of border control, passenger screening, and document adjudication contexts.

A Comparison of Invasive and Noninvasive Sensors in the Concealed Information Test

Rapid screening requires identifying individuals concealing information promptly and noninvasively. The standard Concealed Information Test (CIT) is not conducive to a rapid screening context, however, researchers are investigating the ability to conduct adaptations of the CIT using noninvasive sensors. The purpose of this paper is to propose a study that will investigate and compare the accuracy rates of electro dermal, oculometric, and vocalic measures in identifying concealed information. The ability to detect criminals and high-risk individuals rapidly and with stand-off methods during security screening has implications for a wide variety of applications.

The HealthCare.gov project

This case describes the development of the HealthCare.gov website front-end, systems and databases supporting the implementation of the Affordable Care Act. In late October 2013, US Health and Human Services Secretary Kathleen Sebelius and US Centers for Medicare and Medicaid Services Administrator Marilyn Tavenner appear before a Congressional subcommittee to apologize about system glitches. The case gives students an opportunity to consider project risks that affected this huge systems development effort, and to consider how to ensure that millions of uninsured or underinsured Americans would be able to sign up for affordable health insurance.

Man vs. machine

Deception is an inevitable component of human interaction. Researchers and practitioners are developing information systems to aid in the detection of deceptive communication. Information systems are typically adopted by end users to aid in completing a goal or objective (e.g., increasing the efficiency of a business process). However, end-user interactions with deception detection systems (adversarial systems) are unique because the goals of the system and the user are orthogonal. Prior work investigating systems-based deception detection has focused on the identification of reliable deception indicators. This research extends extant work by looking at how users of deception detection systems alter their behavior in response to the presence of guilty knowledge, relevant stimuli, and system knowledge. An analysis of data collected during two laboratory experiments reveals that guilty knowledge, relevant stimuli, and system knowledge all lead to increased use of countermeasures. The implications and limitations of this research are discussed and avenues for future research are outlined. We present adversarial systems as a novel/growing area of IS research.Knowledge of a deception systems operations increases countermeasure use.Presenting deceivers with relevant stimuli increases countermeasure use.Truth tellers use countermeasures when aware of the systems functionality.An extensive set of novel countermeasures is identified.