TeamUSEC

Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness

Marian Harbach, Sascha Fahl and Matthew Smith.
IEEE 27th Computer Security Foundations Symposium, CSF 2014, Vienna, Austria, 19-22 July, 2014
PDF Abstract Cite DOI

Abstract

The perception of risk has been established as an important part of the study of human aspects of security research. Similarly, risk awareness is often considered a central precursor for the adoption of security mechanisms and how people use them and interact with them. However, the state of risk awareness in users during their everyday use of the modern Internet has not been studied in detail. While it is well known that users have a limited “budget” for security behavior and that trying to coerce them into considering additional risks does not work well, it remains unclear which risks are on users’ minds and therefore already accounted for in terms of their budget. Hence, assessing which risks and which consequences users currently perceive when using information technology is an important and currently overlooked foundation to shape usability aspects of IT security mechanisms. In this paper, we present a survey of risk and consequence awareness in users, analyze how this may influence the current lack of adoption for improved security measures, and make recommendations how this situation can be alleviated.

Reference

@inproceedings{DBLP:conf/csfw/HarbachFS14,
 author = {Marian Harbach and
Sascha Fahl and
Matthew Smith},
 bibsource = {dblp computer science bibliography, https://dblp.org},
 biburl = {https://dblp.org/rec/conf/csfw/HarbachFS14.bib},
 booktitle = {IEEE 27th Computer Security Foundations Symposium, CSF 2014, Vienna,
Austria, 19-22 July, 2014},
 doi = {10.1109/CSF.2014.15},
 pages = {97--110},
 publisher = {IEEE Computer Society},
 title = {Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness},
 url = {https://doi.org/10.1109/CSF.2014.15},
 year = {2014}
}