Natalie R. Lodinger, Keith S. Jones, Akbar Siami-Namin, Benjamin P. Widlus
{"title":"非专家对不同网络攻击后果严重性的看法:对设计警告信息和建模威胁的启示","authors":"Natalie R. Lodinger, Keith S. Jones, Akbar Siami-Namin, Benjamin P. Widlus","doi":"10.54941/ahfe1002212","DOIUrl":null,"url":null,"abstract":"Cyber-defenders must account for users’ perceptions of attack consequence severity. However, research has yet to investigate such perceptions of a wide range of cyber-attack consequences. Thus, we had users rate the severity of 50 cyber-attack consequences. We then analyzed those ratings to a) understand perceived severity for each consequence, and b) compare perceived severity across select consequences. Further, we grouped ratings into the STRIDE threat model categories and c) analyzed whether perceived severity varied across those categories. The current study’s results suggest not all consequences are perceived to be equally severe; likewise, not all STRIDE threat model categories are perceived to be equally severe. Implications for designing warning messages and modeling threats are discussed.","PeriodicalId":373044,"journal":{"name":"Human Factors in Cybersecurity","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Non-Experts' Perceptions Regarding the Severity of Different Cyber-Attack Consequences: Implications for Designing Warning Messages and Modeling Threats\",\"authors\":\"Natalie R. Lodinger, Keith S. Jones, Akbar Siami-Namin, Benjamin P. Widlus\",\"doi\":\"10.54941/ahfe1002212\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cyber-defenders must account for users’ perceptions of attack consequence severity. However, research has yet to investigate such perceptions of a wide range of cyber-attack consequences. Thus, we had users rate the severity of 50 cyber-attack consequences. We then analyzed those ratings to a) understand perceived severity for each consequence, and b) compare perceived severity across select consequences. Further, we grouped ratings into the STRIDE threat model categories and c) analyzed whether perceived severity varied across those categories. The current study’s results suggest not all consequences are perceived to be equally severe; likewise, not all STRIDE threat model categories are perceived to be equally severe. Implications for designing warning messages and modeling threats are discussed.\",\"PeriodicalId\":373044,\"journal\":{\"name\":\"Human Factors in Cybersecurity\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Human Factors in Cybersecurity\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.54941/ahfe1002212\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Human Factors in Cybersecurity","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54941/ahfe1002212","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Non-Experts' Perceptions Regarding the Severity of Different Cyber-Attack Consequences: Implications for Designing Warning Messages and Modeling Threats
Cyber-defenders must account for users’ perceptions of attack consequence severity. However, research has yet to investigate such perceptions of a wide range of cyber-attack consequences. Thus, we had users rate the severity of 50 cyber-attack consequences. We then analyzed those ratings to a) understand perceived severity for each consequence, and b) compare perceived severity across select consequences. Further, we grouped ratings into the STRIDE threat model categories and c) analyzed whether perceived severity varied across those categories. The current study’s results suggest not all consequences are perceived to be equally severe; likewise, not all STRIDE threat model categories are perceived to be equally severe. Implications for designing warning messages and modeling threats are discussed.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
