Risk Communication in Security Using Mental Models
نویسندگان
چکیده
In computer security, risk communication refers to a mechanism used to inform computer users against a given threat. Efficacy of risk communication depends not only on the nature of the risk, but also alignment between the conceptual model of the risk communicator and the user’s perception or mental model of the risk. The gap between the mental model of the security experts and non-experts could lead to ineffective and poor risk communication. Our research shows that for a variety of the security risks self-identified security experts and non-experts have different mental models. We propose that the risk communication methods should be designed based on the non-expert’s mental models with regard to each security risk.
منابع مشابه
Mental Models of Computer Security Risks
Improved computer security requires improvements in risk communication to naive end users. Efficacy of risk communication depends not only on the nature of the risk, but also on the alignment between the conceptual model embedded in the risk communication and the recipients’ perception of the risk. The difference between these communicated and perceived mental models could lead to ineffective r...
متن کاملExperimental Evaluations of Expert and Non-expert Computer Users’ Mental Models of Security Risks
1 2 There is a critical need in computer security to communicate risks and thereby enable informed decisions by naive users. Yet computer security has not been engaged with the scholarship of risk communication. While the existence of malicious actors may appear at first to distinguish computer risk from environmental or medical risk, the impersonal un-targeted nature of the exploitation of com...
متن کاملEffectively Communicate Risks for Diverse Users: A Mental-Models Approach for Individualized Security Interventions
Security interventions – such as Web warnings – currently do not work. One approach to remedy the situation is to make the communication of risks in the interventions more understandable and motivating. Mental models that users have of security have been studied to accomplish these aims, primarily to better align the intervention with the mental model of the users. However, the users’ mental mo...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کامل“Security by Obscurity”: Journalists’ Mental Models of Information Security
Despite wide-ranging threats and tangible risks, journalists have not done much to change their information or communications security practices in recent years. Through in-depth interviews, we provide insight into how journalists conceptualize security risk. By applying a mental models framework, we identify a model of “security by obscurity”—one that persists across participants despite varyi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007