

Mental Models of Security Risks

14 years 9 months ago
Mental Models of Security Risks
1 2 There is a critical need in computer security to communicate risks and thereby enable informed decisions by naive users. Yet computer security has not been engaged with the scholarship of risk communication. While the existence of malicious actors may appear at first to distinguish computer risk from environmental or medical risk, the impersonal un-targeted nature of the exploitation of computing resources and the technical complexity of the risks are similarities. This work is a first experimental step in evaluating the informal, implicit, and unexamined use of mental models in computer security. The experiments described in this paper have three results. First, the experiments show that for a wide range of security risks self-identified security experts and non-experts have quite distinct mental models. Second, a stronger definition of expertise increases the distance between the mental models of non-experts and experts. Finally, the implicit and informal use of models throu...
Farzaneh Asgharpour, Debin Liu, L. Jean Camp
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where FC
Authors Farzaneh Asgharpour, Debin Liu, L. Jean Camp
Comments (0)