Article

Mental models of security risks

Authors:

FC'07/USEC'07: Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security

Pages 367 - 377

Published: 12 February 2007 Publication History

Abstract

In computer security, risk communication refers to informing computer users about the likelihood and magnitude of a threat. Efficacy of risk communication depends not only on the nature of the risk, but also on the alignment between the conceptual model embedded in the risk communication and the user's mental model of the risk. The gap between the mental models of security experts and non-experts could lead to ineffective risk communication. Our research shows that for a variety of the security risks self-identified security experts and non-experts have different mental models. We propose that the design of the risk communication methods should be based on the non-expert mental models.

References

[1]

Morgan, M.G., Fischhoff, B., Bostrom, A., Atman, C.J.: Risk Communication: A Mental Models Approach. Cambridge University Press, Cambridge (2001)

Google Scholar

[2]

Ronnfeldt, C.F.: Three Generations of Environment and Security. Journal of Peace Research 34(4), 473-482 (1997)

Crossref

Google Scholar

[3]

Jungermann, H., Schutz, H., Thuring, M.: Mental models in risk assessment: Informing people about drugs. In: Risk Analysis, Blackwell, Oxford (1981)

Google Scholar

[4]

Kumaraguru, P., Cranor, L.F., Newton, E.: Privacy Perceptions in India and the United States: An Interview Study. In: 33rd Research Conference on Communication, The National Center for Technology & Law, George Mason University School of Law, USA (September 2005)

Google Scholar

[5]

Camp, L.J.: Mental Models of Security. IEEE Computer Society Press, Los Alamitos (2006)

Google Scholar

[6]

Byrd, T.A., Cossick, K.L., Zumd, R.W.: A Synthesis of Research on Requirements Analysis and Knowledge Acquisition Techniques. MIS Quarterly 16(1), 117-138 (1992)

Digital Library

Google Scholar

[7]

Hudson, W.: Playing Your Cards Right, Getting the Most from Card Sorting for Navigation Design. HCI & Higher Education Column: People: HCI & the web 12(5), 56-58 (2005)

Digital Library

Google Scholar

[8]

Kruskal, J., Wish, M.: Multidimensional Scaling. Sage Publication, Thousand Oaks (1978)

Google Scholar

Cited By

View all

Pfeffer KMai AWeippl ERader EKrombholz KChiasson SKapadia A(2022)ReplicationProceedings of the Eighteenth USENIX Conference on Usable Privacy and Security10.5555/3563609.3563610(1-18)Online publication date: 8-Aug-2022
https://dl.acm.org/doi/10.5555/3563609.3563610
Sturdee MThornton LWimalasiri BPatil SSas CMaiden N(2021)A Visual Exploration of Cybersecurity ConceptsProceedings of the 13th Conference on Creativity and Cognition10.1145/3450741.3465252(1-10)Online publication date: 22-Jun-2021
https://dl.acm.org/doi/10.1145/3450741.3465252
Wolf FKuber RAviv ABrewster SFitzpatrick GCox AKostakos V(2019)"Pretty Close to a Must-Have"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems10.1145/3290605.3300381(1-12)Online publication date: 2-May-2019
https://dl.acm.org/doi/10.1145/3290605.3300381
Show More Cited By

Mental models of security risks
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Identifying Group-Specific Mental Models of Recommender Systems: A Novel Quantitative Approach
Human-Computer Interaction – INTERACT 2021
Abstract
How users interact with an intelligent system is determined by their subjective mental model of the system’s inner working. In this paper, we present a novel method based on card sorting to identify such mental models of recommender systems ...
Insuring computer risks

Individuals and organizations who own or use computers in daily operations face many exposures to the risk of loss of hardware, software, and other computing assets, including liability arising from computing operations. Many loss prevention techniques ...
Security Risks: Management and Mitigation in the Software Life Cycle
WETICE '04: Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises

A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

FC'07/USEC'07: Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security

February 2007

389 pages

ISBN:3540773657

Editors:
Sven Dietrich
Stevens Institute of Technology, Computer Science Department, Hoboken, NJ
,
Rachna Dhamija
Harvard University, Center for Research on Computation and Society, DEAS, Cambridge, MA

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 12 February 2007

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
5
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Pfeffer KMai AWeippl ERader EKrombholz KChiasson SKapadia A(2022)ReplicationProceedings of the Eighteenth USENIX Conference on Usable Privacy and Security10.5555/3563609.3563610(1-18)Online publication date: 8-Aug-2022
https://dl.acm.org/doi/10.5555/3563609.3563610
Sturdee MThornton LWimalasiri BPatil SSas CMaiden N(2021)A Visual Exploration of Cybersecurity ConceptsProceedings of the 13th Conference on Creativity and Cognition10.1145/3450741.3465252(1-10)Online publication date: 22-Jun-2021
https://dl.acm.org/doi/10.1145/3450741.3465252
Wolf FKuber RAviv ABrewster SFitzpatrick GCox AKostakos V(2019)"Pretty Close to a Must-Have"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems10.1145/3290605.3300381(1-12)Online publication date: 2-May-2019
https://dl.acm.org/doi/10.1145/3290605.3300381
Sharif MRoundy KDell'Amico MGates CKats DBauer LChristin NBrewster SFitzpatrick GCox AKostakos V(2019)A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support ChatsProceedings of the 2019 CHI Conference on Human Factors in Computing Systems10.1145/3290605.3300308(1-12)Online publication date: 2-May-2019
https://dl.acm.org/doi/10.1145/3290605.3300308
Stobert EBiddle R(2018)The Password Life CycleACM Transactions on Privacy and Security10.1145/318334121:3(1-32)Online publication date: 16-Apr-2018
https://dl.acm.org/doi/10.1145/3183341
Wolf FKuber RAviv AMandryk RHancock MPerry MCox A(2018)How Do We Talk Ourselves Into These Things?Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems10.1145/3170427.3188578(1-6)Online publication date: 20-Apr-2018
https://dl.acm.org/doi/10.1145/3170427.3188578
Rader ESlaker J(2017)The importance of visibility for folk theories of sensor dataProceedings of the Thirteenth USENIX Conference on Usable Privacy and Security10.5555/3235924.3235945(257-270)Online publication date: 12-Jul-2017
https://dl.acm.org/doi/10.5555/3235924.3235945
Albayram YKhan MJensen TNguyen N(2017)"...Better to use a lock screen than to worry about saving a few seconds of time"Proceedings of the Thirteenth USENIX Conference on Usable Privacy and Security10.5555/3235924.3235929(49-63)Online publication date: 12-Jul-2017
https://dl.acm.org/doi/10.5555/3235924.3235929
Oliveira DRocha HYang HEllis DDommaraju SMuradoglu MWeir DSoliman ALin TEbner NMark GFussell SLampe Cschraefel mHourcade JAppert CWigdor D(2017)Dissecting Spear Phishing Emails for Older vs Young AdultsProceedings of the 2017 CHI Conference on Human Factors in Computing Systems10.1145/3025453.3025831(6412-6424)Online publication date: 2-May-2017
https://dl.acm.org/doi/10.1145/3025453.3025831
Yao YLo Re DWang YLee CPoltrock SBarkhuus LBorges MKellogg W(2017)Folk Models of Online Behavioral AdvertisingProceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing10.1145/2998181.2998316(1957-1969)Online publication date: 25-Feb-2017
https://dl.acm.org/doi/10.1145/2998181.2998316
Show More Cited By

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Identifying Group-Specific Mental Models of Recommender Systems: A Novel Quantitative Approach

Insuring computer risks

Security Risks: Management and Mitigation in the Software Life Cycle