Issue No. 05 - Sept.-Oct. (2016 vol. 18)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2016.84
Brian Stanton , US National Institute of Standards and Technology
Mary F. Theofanos , US National Institute of Standards and Technology
Sandra Spickard Prettyman , Independent Consultant
Susanne Furman , US National Institute of Standards and Technology
Security fatigue has been used to describe experiences with online security. This study identifies the affective manifestations resulting from decision fatigue and the role it plays in users' security decisions. A semistructured interview protocol was used to collect data (N = 40). Interview questions addressed online activities; computer security perceptions; and the knowledge and use of security icons, tools, and terminology. Qualitative data techniques were used to code and analyze the data identifying security fatigue and contributing factors, symptoms, and outcomes of fatigue. Although fatigue was not directly part of the interview protocol, more than half of the participants alluded to fatigue in their interviews. Participants expressed a sense of resignation, loss of control, fatalism, risk minimization, and decision avoidance, all characteristics of security fatigue. The authors found that the security fatigue users experience contributes to their cost-benefit analyses in how to incorporate security practices and reinforces their ideas of lack of benefit for following security advice.
Computer security, Privacy, Online services, Decision making, Performance evaluation
B. Stanton, M. F. Theofanos, S. S. Prettyman and S. Furman, "Security Fatigue," in IT Professional, vol. 18, no. 5, pp. 26-32, 2016.