Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness

M. Harbach, S. Fahl, Matthew Smith
{"title":"Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness","authors":"M. Harbach, S. Fahl, Matthew Smith","doi":"10.1109/CSF.2014.15","DOIUrl":null,"url":null,"abstract":"The perception of risk has been established as an important part of the study of human aspects of security research. Similarly, risk awareness is often considered a central precursor for the adoption of security mechanisms and how people use them and interact with them. However, the state of risk awareness in users during their everyday use of the modern Internet has not been studied in detail. While it is well known that users have a limited \"budget\" for security behavior and that trying to coerce them into considering additional risks does not work well, it remains unclear which risks are on users' minds and therefore already accounted for in terms of their budget. Hence, assessing which risks and which consequences users currently perceive when using information technology is an important and currently overlooked foundation to shape usability aspects of IT security mechanisms. In this paper, we present a survey of risk and consequence awareness in users, analyze how this may influence the current lack of adoption for improved security measures, and make recommendations how this situation can be alleviated.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"32","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 27th Computer Security Foundations Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2014.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 32

Abstract

The perception of risk has been established as an important part of the study of human aspects of security research. Similarly, risk awareness is often considered a central precursor for the adoption of security mechanisms and how people use them and interact with them. However, the state of risk awareness in users during their everyday use of the modern Internet has not been studied in detail. While it is well known that users have a limited "budget" for security behavior and that trying to coerce them into considering additional risks does not work well, it remains unclear which risks are on users' minds and therefore already accounted for in terms of their budget. Hence, assessing which risks and which consequences users currently perceive when using information technology is an important and currently overlooked foundation to shape usability aspects of IT security mechanisms. In this paper, we present a survey of risk and consequence awareness in users, analyze how this may influence the current lack of adoption for improved security measures, and make recommendations how this situation can be alleviated.
谁害怕哪只坏狼?IT安全风险意识调查
风险感知已被确立为安全研究中人的方面研究的重要组成部分。类似地,风险意识通常被认为是采用安全机制以及人们如何使用它们并与它们交互的核心前兆。然而,用户在日常使用现代互联网过程中的风险意识状况却没有得到详细的研究。众所周知,用户对安全行为的“预算”是有限的,试图强迫他们考虑额外的风险并不能很好地发挥作用,但仍然不清楚哪些风险是用户所考虑的,因此已经在他们的预算中考虑到了。因此,在使用信息技术时,评估用户当前感知到的风险和后果是塑造IT安全机制可用性方面的一个重要但目前被忽视的基础。在本文中,我们对用户的风险和后果意识进行了调查,分析了这可能如何影响目前缺乏采用改进的安全措施,并提出了如何缓解这种情况的建议。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信