Stories as informal lessons about security

Authors:
Emilee Rader;Rick Wash;Brandon Brooks
Affiliations:
Michigan State University East Lansing, MI;Michigan State University East Lansing, MI;Michigan State University East Lansing, MI
Venue:
Proceedings of the Eighth Symposium on Usable Privacy and Security
Year:
2012

Citing 11
Cited 3

Security in the wild: user strategies for managing security as an everyday, practical problem

Personal and Ubiquitous Computing
User-Centered Security: Stepping Up to the Grand Challenge

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Looking for trouble: understanding end-user security management

Proceedings of the 2007 symposium on Computer human interaction for the management of information technology
Assessing emotions related to learning new software: The computer emotion scale

Computers in Human Behavior
A framework for reasoning about the human in the loop

UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Security lapses and the omission of information security measures: A threat control model and empirical test

Computers in Human Behavior
Locking the door but leaving the computer vulnerable: Factors inhibiting home users' adoption of software firewalls

Decision Support Systems
So long, and no thanks for the externalities: the rational rejection of security advice by users

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Folk models of home computer security

Proceedings of the Sixth Symposium on Usable Privacy and Security
Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions

MIS Quarterly
The information security policy unpacked: A critical study of the content of university policies

International Journal of Information Management: The Journal for Information Professionals

Limiting, leaving, and (re)lapsing: an exploration of facebook non-use practices and experiences

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Can we sell security like soap?: a new approach to behaviour change

Proceedings of the 2013 workshop on New security paradigms workshop
Using the health belief model to explore users' perceptions of 'being safe and secure' in the world of technology mediated financial transactions

International Journal of Human-Computer Studies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Non-expert computer users regularly need to make security-relevant decisions; however, these decisions tend not to be particularly good or sophisticated. Nevertheless, their choices are not random. Where does the information come from that these non-experts base their decisions upon? We argue that much of this information comes from stories they hear from other people. We conducted a survey to ask open- and closed- ended questions about security stories people hear from others. We found that most people have learned lessons from stories about security incidents informally from family and friends. These stories impact the way people think about security, and their subsequent behavior when making security-relevant decisions. In addition, many people retell these stories to others, indicating that a single story has the potential to influence multiple people. Understanding how non-experts learn from stories, and what kinds of stories they learn from, can help us figure out new methods for helping these people make better security decisions.