Security in the wild: user strategies for managing security as an everyday, practical problem
Personal and Ubiquitous Computing
User-Centered Security: Stepping Up to the Grand Challenge
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Looking for trouble: understanding end-user security management
Proceedings of the 2007 symposium on Computer human interaction for the management of information technology
Assessing emotions related to learning new software: The computer emotion scale
Computers in Human Behavior
A framework for reasoning about the human in the loop
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Computers in Human Behavior
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Folk models of home computer security
Proceedings of the Sixth Symposium on Usable Privacy and Security
The information security policy unpacked: A critical study of the content of university policies
International Journal of Information Management: The Journal for Information Professionals
Limiting, leaving, and (re)lapsing: an exploration of facebook non-use practices and experiences
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Can we sell security like soap?: a new approach to behaviour change
Proceedings of the 2013 workshop on New security paradigms workshop
International Journal of Human-Computer Studies
Hi-index | 0.00 |
Non-expert computer users regularly need to make security-relevant decisions; however, these decisions tend not to be particularly good or sophisticated. Nevertheless, their choices are not random. Where does the information come from that these non-experts base their decisions upon? We argue that much of this information comes from stories they hear from other people. We conducted a survey to ask open- and closed- ended questions about security stories people hear from others. We found that most people have learned lessons from stories about security incidents informally from family and friends. These stories impact the way people think about security, and their subsequent behavior when making security-relevant decisions. In addition, many people retell these stories to others, indicating that a single story has the potential to influence multiple people. Understanding how non-experts learn from stories, and what kinds of stories they learn from, can help us figure out new methods for helping these people make better security decisions.