Bridging the Gap in Computer Security Warnings: A Mental Model Approach
@article{BravoLillo2011BridgingTG, title={Bridging the Gap in Computer Security Warnings: A Mental Model Approach}, author={Cristian Bravo-Lillo and Lorrie Faith Cranor and Julie S. Downs and Saranga Komanduri}, journal={IEEE Security \& Privacy}, year={2011}, volume={9}, pages={18-26} }
Computer security warnings are intended to protect users and their computers. However, research suggests that these warnings might be largely ineffective because they're frequently ignored. The authors describe a mental model interview study designed to gain insight into how advanced and novice computer users perceive and respond to computer warnings. Developers can leverage the approaches of advanced users to design more effective warnings for novice users.
197 Citations
Improving Computer Security Dialogs
- Computer Science, INTERACT
- 2011
In some cases the authors' redesigned warnings significantly increased participants' understanding and motivation to take the safest action; however, the study was not able to show that participants' responses were differentiated between low and high risk conditions.
Security Warning Life Cycle: Challenges and Panacea
- Computer Science
- 2017
This research highlights insights into the discovery of problems and difficulties encountered by the users, approaches in improving security warnings and future direction of the security warning improvement process.
Preliminary Insights in Security Warning Studies: An Exploration in University Context
- Computer Science, Procedia Computer Science
- 2019
Improving Mental Models of Computer Security Through Information Graphics
- Computer Science
- 2013
Seven pieces of instructional materials are designed that help end-users learn about password guessing attacks and antivirus protection and show that information graphics led to superior learning outcomes and a better user experience than existing text-alone approaches.
That’s how I feel: A Study of User’s Security Mental Model
- Computer Science
- 2019
To elicit and depict users’ security and usability mental models, crowd-sourcing techniques and a cognitive map method are utilized and an experiment to evaluate the findings using Amazon Mechanical Turk is performed.
"Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response
- Computer Science, 2019 IEEE Symposium on Security and Privacy (SP)
- 2019
This work conducts a series of qualitative interviews with users who had recently experienced suspicious login incidents on their real Facebook accounts in order to explore this process of account security incident response, finding a common process across participants from five countries.
Habituation effects in computer security warning
- Computer Science, Inf. Secur. J. A Glob. Perspect.
- 2018
The main objective of this paper is to describe and summarize the related studies on users’ habituation to the security warnings to contribute to a more complete understanding of the habituation effects in security warnings.
Habituation effects in computer security warning
- Computer Science, Inf. Secur. J. A Glob. Perspect.
- 2018
The main objective of this article is to describe and summarize the related studies on users’ habituation to the security warnings and explore the current key issues, challenges, and the possible solutions related to habituation effects in security warnings.
Effectively Communicate Risks for Diverse Users: A Mental-Models Approach for Individualized Security Interventions
- Computer Science, GI-Jahrestagung
- 2013
A qualitative card-sorting study of how lay and expert users assess risks connected to Web sites indicates the diversity of mental models, both between the two groups and between individuals, particularly related to their preferences.
References
Mental models of privacy and security
- Medicine, IEEE Technology and Society Magazine
- 2009
The strongest conclusion is that mental models can be used to improve risk communication and the best model may be the medical model.
Do security toolbars actually prevent phishing attacks?
- Computer Science, CHI
- 2006
It is found that many subjects do not understand phishing attacks or realize how sophisticated such attacks can be, and security toolbars are found to be ineffective at preventing phishing attacks.
Purposes and Scope of Warnings
- Handbook of Warnings (Human Factors/Ergonomics), M.S. Wogalter, ed., Lawrence Erlbaum Assoc.
- 2006
An Empirical Analysis of Phishing Blacklists
- History, CEAS 2009
- 2009
This paper used 191 fresh phish that were less than 30 minutes old to conduct two tests on eight anti-phishing toolbars and found that two tools using heuristics to complement blacklists caught significantly more phish initially than those using only blacklists.
Egilman, “A Brief History of Warnings,”
- Handbook of Warnings (Human Factors/Ergonomics)
- 2006