Tom Biselli, M.Sc.

Research Associate / Doctoral Candidate

Contact: +49 (0) 6151 / 1620943 | biselli(at)peasec.tu-darmstadt.de

Technische Universität Darmstadt, Department of Computer Science,
Science and Technology for Peace and Security (PEASEC)
Pankratiusstraße 2, 64289 Darmstadt

Tom Biselli, M.Sc. is a research associate and doctoral candidate at the Chair of Science and Technology for Peace and Security (PEASEC) in the Department of Computer Science at Technische Universität Darmstadt.

He studied psychology (B.Sc.) at the Leopold-Franzens Universität Innsbruck and psychology with a specialization in Cognitive-Affective Neuroscience (M.Sc.) at the Technische Universität Dresden. Owing to his interest in interdisciplinary topics at the intersection of psychology and computer science, he wrote his master's thesis on brain-computer interfaces in clinical use with patients after stroke. In this context he worked intensively on the analysis of complex data and on the opportunities that the latest technological developments bring. The societal impact of such modern technologies more generally is now the subject of his research at PEASEC. Here his focus is on the topics of privacy and misinformation in the digital world, which he investigates with the aid of data-driven methods such as social media analytics.

Publications

  • Tom Biselli, Enno Steinbrink, Franziska Herbert, Gina Maria Schmidbauer-Wolf, Christian Reuter (2022)
    On the Challenges of Developing a Concise Questionnaire to Identify Privacy Personas
    Proceedings on Privacy Enhancing Technologies (PoPETs).

    Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.

    @article{biselli_challenges_2022,
    title = {On the {Challenges} of {Developing} a {Concise} {Questionnaire} to {Identify} {Privacy} {Personas}},
    url = {https://petsymposium.org/2022/files/papers/issue4/popets-2022-0126.pdf},
    abstract = {Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Biselli, Tom and Steinbrink, Enno and Herbert, Franziska and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Security, UsableSec, A-Paper, Selected, Ranking-CORE-A, AuswahlUsableSec, Projekt-ATHENE-FANCY, Projekt-GRKPrivacy},
    }

  • Thea Riebe, Tom Biselli, Marc-André Kaufhold, Christian Reuter (2022)
    Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey
    Proceedings on Privacy Enhancing Technologies (PoPETs).

    The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.

    @article{riebe_privacy_2022,
    title = {Privacy {Concerns} and {Acceptance} {Factors} of {OSINT} for {Cybersecurity}: {A} {Representative} {Survey}},
    url = {https://petsymposium.org/2022/files/papers/issue4/popets-2022-0126.pdf},
    abstract = {The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Riebe, Thea and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
    year = {2022},
    keywords = {Projekt-CYWARN, Security, UsableSec, A-Paper, Selected, Ranking-CORE-A, AuswahlUsableSec, Projekt-ATHENE-FANCY},
    }

  • Tom Biselli, Christian Reuter (2021)
    On the Relationship between IT Privacy and Security Behavior: A Survey among German Private Users
    Proceedings of the International Conference on Wirtschaftsinformatik (WI), Potsdam, Germany.

    The relevance of adequate privacy and security behavior in the digital space is higher than ever. However, the exact relationship between privacy and security behavior is rarely discussed in the literature. This study investigates this relationship and the role of socio-demographic factors (gender, age, education, political opinions) in such behavior. Exploratory results of a survey of German private users (N=1,219) show that privacy and security behavior are only weakly correlated and not similarly influenced by socio-demographic factors. While security behavior significantly differs between age and education groups (younger and less educated show less security behavior), no such differences exist for privacy behavior. Additionally, political orientation and opinion has no influence on privacy and security behavior. Thus, this study sheds light on the concepts of privacy, security and corresponding behavior and emphasizes the need for a fine-grained differentiation if either privacy or security behavior is to be improved.

    @inproceedings{biselli_relationship_2021,
    address = {Potsdam, Germany},
    title = {On the {Relationship} between {IT} {Privacy} and {Security} {Behavior}: {A} {Survey} among {German} {Private} {Users}},
    url = {https://peasec.de/paper/2021/2021_BiselliReuter_RelationshipITPrivacyandSecurityBehavior_WI.pdf},
    abstract = {The relevance of adequate privacy and security behavior in the digital space is higher than ever. However, the exact relationship between privacy and security behavior is rarely discussed in the literature. This study investigates this relationship and the role of socio-demographic factors (gender, age, education, political opinions) in such behavior. Exploratory results of a survey of German private users (N=1,219) show that privacy and security behavior are only weakly correlated and not similarly influenced by socio-demographic factors. While security behavior significantly differs between age and education groups (younger and less educated show less security behavior), no such differences exist for privacy behavior. Additionally, political orientation and opinion has no influence on privacy and security behavior. Thus, this study sheds light on the concepts of privacy, security and corresponding behavior and emphasizes the need for a fine-grained differentiation if either privacy or security behavior is to be improved.},
    booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI})},
    publisher = {AIS},
    author = {Biselli, Tom and Reuter, Christian},
    year = {2021},
    keywords = {HCI, Security, UsableSec, Ranking-CORE-C, Ranking-WKWI-A, Projekt-ATHENE-FANCY},
    pages = {1--17},
    }