Issue No.02 - March/April (2012 vol.10)
Mary Frances Theofanos , National Institute of Standards and Technology
Yee-Yin Choong , National Institute of Standards and Technology
Susanne M. Furman , National Institute of Standards and Technology
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.180
The National Initiative for Cybersecurity Education (NICE) will be conducting a nationwide awareness and outreach program to effect behavioral change. To be effective, an educational campaign must first understand users' perceptions of computer and online security. The authors' research objective was to understand users' current knowledge base, awareness, and skills. They investigated users' understanding of online security by conducting in-depth interviews with the goal of identifying existing correct perceptions, myths, and potential misperceptions. Their findings indicate that the participants were primarily aware of and concerned with online and computer security. However, they lacked a complete skill set to protect their computer systems, identities, and information online. Providing a skill set that lets them develop complete mental models will help them to correctly anticipate and adapt the appropriate behaviors when approaching online security.
Cybersecurity, perceptions, mental models, awareness, National Initiative for Cybersecurity Education, NICE
Mary Frances Theofanos, Yee-Yin Choong, Susanne M. Furman, "Basing Cybersecurity Training on User Perceptions", IEEE Security & Privacy, vol.10, no. 2, pp. 40-49, March/April 2012, doi:10.1109/MSP.2011.180