MATERIALS RELATED TO THE FIRST EXPERIMENT
-
Certificate of Ethical ApprovalCertificate of Approval
Reference Number ER/MY68/2
Title Of Project Improving Password Security in Organizations
Principal Investigator (PI): Ian Mackie
Student Merve Yildirim
Collaborators
Duration Of Approval 1 month
Expected Start Date 15-Aug-2016
Date Of Approval 05-Oct-2016
Approval Expiry Date 30-Oct-2016
Approved By David Reby
Name of Authorised Signatory
Date 05-Oct-2016
*NB. If the actual project start date is delayed beyond 12 months of the expected start date, this Certificate of Approval will lapse and the project will need to be reviewed again to take account of changed circumstances such as legislation, sponsor requirements and University procedures.
Please note and follow the requirements for approved submissions:
Amendments to protocol
* Any changes or amendments to approved protocols must be submitted to the C-REC for authorisation prior to implementation.
Feedback regarding the status and conduct of approved projects
* Any incidents with ethical implications that occur during the implementation of the project must be reported immediately to the Chair of the C-REC.
Feedback regarding any adverse and unexpected events
* Any adverse (undesirable and unintended) and unexpected events that occur
during the implementation of the project must be reported to the Chair of the Social Sciences C-REC. In the event of a serious adverse event, research must be stopped immediately and the Chair alerted within 24 hours of the occurrence. For Life Sciences and Psychology projects
* The principal investigator is required to provide a brief annual written statement to the committee, indicating the status and conduct of the approved project. These reports will be reviewed at the annual meeting of the committee. A statement by the PI to the C-REC indicating the status and conduct of the approved project will be required on the Approval Expiration Date as stated above.
-
Recruitment LetterRe: Improving Password Security in the Organisations Dear <<insert name>>
As a doctoral researcher at University of Sussex, I am writing to invite you to participate in an academic study entitled “Improving Password Security in Organisations”. I am specifically contacting you because of your wealth of expertise and experience in this area.
With this study, I aim to explore the reasons why employees are not motivated to protect their passwords against potential security failures within the organisation. There is a wealth of research demonstrating that, despite technical precautions taken by people within the organisation, undesired password-related behaviours cause organisations to lose confidential information.
In this study, I will be using some selected scientific methods and approaches to study employees' insecure password practices and persuade and motive them to behave in a more secure manner. To do this, firstly, underlying reasons that cause users' lack of engagement with password security should be investigated and suitable methods should be applied to prevent possible security failures. For this, I aim to conduct in-depth interviews and surveys with employees in different positions who use passwords to access organisational information in several organisations in Turkey.
Taking part in this research is optional but your extensive knowledge and experience in the field is highly valuable to the study. Enclosed you will find the Information Sheet and Consent Form, which contain more information about the study and your role, should you choose to participate. A follow-up email or a call will be made on <<date>> to answer any questions you might have about participating.
If you wish to opt out of future contact, please email the address at the top of this letter to request that no further contact be made. Agreement to be contacted or request for more information does not obligate you to participate in any study.
If you would like additional information about this study please email [email protected]
Thank you for considering this research opportunity. Best Regards,
Merve Yildirim Doctoral Researcher
Department of Informatics Chichester 2 University of Sussex Brighton, BN1 9SJ, UK
-
Consent FormProject Title: Improving Password Security in Organisations Researcher’s Contact Details:
Merve Yıldırım Doctoral Researcher Department of Informatics University of Sussex Brighton, BN1 9SJ, UK Email: [email protected] Name of Participant ... I agree to take part in the above University of Sussex research project. I have had the project explained to me and I have read and understood the Information Sheet, which I may keep for my records. I understand that agreeing to take part means that I am willing to:
- Be interviewed by the researcher; - Allow the interview to be audio taped; - Make myself available for a further interview should that be required. However, I am aware that the follow-up is by invitation only and I can refuse to take part at any stage without giving an explanation.
I understand that any information I provide is confidential, and that no information that I disclose will lead to the identification of any individual in the reports on the project, either by the researcher or by any other party.
I understand that I will have an option of seeing the transcript of data concerning me before it is included in the write up of the research.