The Community for Technology Leaders
RSS Icon
Issue No.02 - March/April (2012 vol.10)
pp: 40-49
Susanne M. Furman , National Institute of Standards and Technology
Mary Frances Theofanos , National Institute of Standards and Technology
Yee-Yin Choong , National Institute of Standards and Technology
Brian Stanton , National Institute of Standards and Technology
The National Initiative for Cybersecurity Education (NICE) will be conducting a nationwide awareness and outreach program to effect behavioral change. To be effective, an educational campaign must first understand users' perceptions of computer and online security. The authors' research objective was to understand users' current knowledge base, awareness, and skills. They investigated users' understanding of online security by conducting in-depth interviews with the goal of identifying existing correct perceptions, myths, and potential misperceptions. Their findings indicate that the participants were primarily aware of and concerned with online and computer security. However, they lacked a complete skill set to protect their computer systems, identities, and information online. Providing a skill set that lets them develop complete mental models will help them to correctly anticipate and adapt the appropriate behaviors when approaching online security.
Cybersecurity, perceptions, mental models, awareness, National Initiative for Cybersecurity Education, NICE
Susanne M. Furman, Mary Frances Theofanos, Yee-Yin Choong, Brian Stanton, "Basing Cybersecurity Training on User Perceptions", IEEE Security & Privacy, vol.10, no. 2, pp. 40-49, March/April 2012, doi:10.1109/MSP.2011.180
1. G. Gross, "US Needs Cyber-Emergency Response, Lawmaker Says," PCWorld,11 Apr. 2011; us_needs_cyberemergency_response_lawmaker_says.html .
2. S. Flinn and J. Lumsden, "User Perceptions of Privacy and Security on the Web," Third Ann. Conf. Privacy Security and Trust (PST 05), IEEE Press, 2005, pp. 15–26.
3. M. Danda, Protect Yourself Online: Learn Easy Ways to Keep Your PC, Privacy and Your Wallet Safe on the Internet, Microsoft Press, 2001.
4. J. Leyden, "Clueless Office Workers Help Spread Computer Viruses," The Register,6 Feb. 2004; .
5. M.A. Sasse, D. Ashenden, and D. Lawrence, "Human Vulnerabilities in Security Systems," white paper, Cybersecurity KTN Human Factors, 2007.
6. K. Bain, What the Best College Teachers Do, Harvard Univ. Press, 2004.
7. D.M. Szymanski and R.T. Hise, "E-satisfaction: An Initial Examination," J. Retailing, vol. 76, no. 3, 2000, pp. 309–322.
8. R. Chellapa and P. Pavlou, "Perceived Information Security, Financial Liability and Consumer Trust in Electronic Commerce Transactions," Logistics Information Management, vol. 15, nos. 5–6, 2002, pp. 358–368.
9. P.M. Simpson and C.L. Simpson Jr., , "Beware of Adware: Internet User Awareness, Perceptions and Consequences," Issues in Information Systems, vol. 5, no. 1, 2004 .
10. W. Huang, H. Schrank, and A.J. Dubinsky, "Effect of Brand Name on Consumers' Risk Perceptions of Online Shopping," J. Consumer Behavior, vol. 4, no. 1, 2004, pp. 40–50.
11. D.J. Kim, C. Steinfield, and Y. Lai, "Revisiting the Role of Web Assurance Seals in Consumer Trust," Proc. 6th Int'l Conf. Electronic Commerce (ICEC 04), ACM, 2004, pp. 280–287.
12. A. Tverksy and D. Kahneman, "Availability: A Heuristic for Judging Frequency and Probability," Cognitive Psychology, vol. 5, no. 2, 1973, pp. 207–232.
13. J. Campbell et al., "Unrealistic Optimism in Internet Events," Computers in Human Behavior, vol. 23, no. 3, 2007, pp. 1273–1284.
14. P. Dourish et al., "Security in the Wild: User Strategies for Managing Security as an Everyday, Practical Problem," Personal and Ubiquitous Computing, vol. 8, no. 6, 2004, pp. 391–401.
15. J. Gross and M.B. Rosson, "Looking for Trouble: Understanding End User Security Management," Symp. Computer Human Interaction for the Management of Information Technology (CHIMIT 07), ACM, 2007, art. 10.
16. R. Walsh, "Folk Models of Home Computer Security," Symp. Usable Privacy and Security (SOUPS 10), ACM, 2010, art. 11.
17. A. Collins and D. Gentner, "How People Construct Mental Models," Cultural Models in Language and Thought, D. Holland, and N. Quinn eds., Univ. of Cambridge Press, 1987.
18. D. Gentner, "Analogy," A Comparison to Cognitive Science, W. Bechtel, and G. Graham eds., Blackwell, 1999, pp. 107–113.
19. F. Asgharpour, D. Liu, and L.J. Camp, "Mental Models of Computer Security Risks," Workshop Economics of Information Security (WEIS 07), Springer, 2007, pp. 367–377.
20. "Standards for Security Categorization of Federal Information Systems," Special Publication 199, Nat'l Inst. of Standards and Tech., Feb. 2004; FIPS-PUB-199-final.pdf.
62 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool