Mental models of security risks

Authors:
Farzaneh Asgharpour;Debin Liu;L. Jean Camp
Affiliations:
School of Informatics, Indiana University;School of Informatics, Indiana University;School of Informatics, Indiana University
Venue:
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Year:
2007

Citing 2
Cited 4

A synthesis of research on requirements analysis and knowledge acquisition techniques

MIS Quarterly
Playing your cards right: getting the most from card sorting for navigation design

interactions - HCI & Higher Education

Promoting a physical security mental model for personal firewall warnings

CHI '11 Extended Abstracts on Human Factors in Computing Systems
A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings

Proceedings of the Seventh Symposium on Usable Privacy and Security
Risk communication design: video vs. text

PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
The usability of truecrypt, or how i learned to stop whining and fix an interface

Proceedings of the third ACM conference on Data and application security and privacy

Quantified Score

Hi-index	0.01

Visualization

Abstract

In computer security, risk communication refers to informing computer users about the likelihood and magnitude of a threat. Efficacy of risk communication depends not only on the nature of the risk, but also on the alignment between the conceptual model embedded in the risk communication and the user's mental model of the risk. The gap between the mental models of security experts and non-experts could lead to ineffective risk communication. Our research shows that for a variety of the security risks self-identified security experts and non-experts have different mental models. We propose that the design of the risk communication methods should be based on the non-expert mental models.