IT Survey Request: Win an iPad2 or Kindle!

• Previous message (by thread): IT Survey Request: Win an iPad2 or Kindle!
• Next message (by thread): IT Survey Request: Win an iPad2 or Kindle!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On May 27, 2011, at 10:24 22AM, Michael Holstein wrote:

> 
>> I am a student at UCLA Anderson School of Managment and my MBA field study team is working on a research that involves conducting a survey of CIOs, IT Managers/Administrators, IT Engineers to understand challenges in managing IT infrastructure.
>> 
>> Could you please help by filling out this really short survey? 
> 
> A more cynical view would be as an MBA student, you're researching
> cheaper ways to recruit contact information and current projects. A
> kindle is $139 .. that's pretty cheap for a list of people/projects
> considering what that lead information is worth to vendors of the
> "solutions" to the challenges you ask about.

I know nothing of this student, the school, or the study.  I will say --
as an academic who frequently does research involving human subjects, 
generally including surveys -- that this is a very normal way to
proceed.  Finding enough subjects is always hard; it's the single
biggest obstacle we encounter.  Paying people is the usual approach,
but for a group like this, the usual nominal amount we pay undergrads
($10-25) isn't enough.  Other common approaches -- flyers all over
campus, offers on Mechanical Turk, ads on Facebook or Google Adwords,
etc. -- won't work if you're trying to get people with specialized
knowledge or skills.  What's left?

I might add that by federal law, all government-funded research
involving human subjects has to be approved by an "IRB" -- an
Institutional Review Board -- and many universities (including my
own) impose that requirement on all research, even if no federal
funds are involved.  While it's certainly not rare to do studies that
involve (initial) deceit of the subjects (you want them reacting
normally, rather than giving the answers they think you want), the
IRB has to see the full protocol and experiment design.

You may be right, of course; I can't say.  I haven't contacted the
student's professor nor have I asked to see the IRB protocol.  Given
that any legitimate study of this type would be conducted along the
lines explained in the original post, I'd say that the burden of
proof is on you.  (Of course, as a security guy I know full well
that that notion of "normal behavior" is the best way to hide an
attack.)

References: http://www.usenix.org/events/upsec08/tech/full_papers/garfinkel/garfinkel.pdf
	    https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf

		--Steve Bellovin, https://www.cs.columbia.edu/~smb

• Previous message (by thread): IT Survey Request: Win an iPad2 or Kindle!
• Next message (by thread): IT Survey Request: Win an iPad2 or Kindle!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]