Over 80 million households in the United States have a home computer and an Internet connection. The vast majority of these are administered by people who have little computer security knowledge or training, and many users try to avoid making security decisions because they feel they don't have the knowledge and skills to maintain proper security. Nevertheless, home computer users still make security-related decisions on a regular basis -- for example, whether or not to click on a shady link in an email message -- without even knowing that's what they are doing. Their decisions are guided by how they think about computer security, or their "mental models," which do not have to be technically correct to lead to desirable security behaviors [44]. In other words, sometimes even "wrong" mental models produce good security decisions. By eliminating the constraint that nontechnical users must become more like computer security experts to properly protect themselves, we believe that we can create more effective ways of helping home computer users make good security decisions. To that end, we propose a research agenda that will help us learn how to shape the mental models of regular non-technical computer users.