Skip to content
University of Maryland LibrariesDigital Repository at the University of Maryland
    • Login
    View Item 
    •   DRUM
    • College of Computer, Mathematical & Natural Sciences
    • Computer Science
    • Technical Reports of the Computer Science Department
    • View Item
    •   DRUM
    • College of Computer, Mathematical & Natural Sciences
    • Computer Science
    • Technical Reports of the Computer Science Department
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    I Think They're Trying To Tell Me Something: Advice Sources and Selection for Digital Security

    Thumbnail
    View/Open
    CS-TR-5048.pdf (354.1Kb)
    No. of downloads: 1683

    Date
    2015-11-30
    Author
    Redmiles, Elissa M.
    Malone, Amelia
    Mazurek, Michelle L.
    DRUM DOI
    https://doi.org/10.13016/M2B72X
    Metadata
    Show full item record
    Abstract
    Users receive a multitude of digital- and physical-security advice every day. Indeed, if we implemented all the security advice we received, we would never leave our houses or use the Internet. Instead, users selectively choose some advice to accept and some (most) to reject; however, it is unclear whether they are effectively prioritizing what is most important or most useful. If we can understand from where users take security advice and how they subsequently develop security behaviors, we can develop more effective security interventions. As a first step, we conducted 25 semi-structured interviews of security-sensitive (those users who deal with sensitive data or hold security clearances) and general users. These interviews resulted in several key findings: (1) users' main sources of digital-security advice include IT professionals, workplaces, and negative events, whether experienced personally or retold through TV; (2) users determine whether to accept digital-security advice based on the trustworthiness of the advice-source, as they feel inadequately able to evaluate the advice content; (3) users reject advice for many reasons, from believing that someone else is responsible for their security to finding that the advice contains too much marketing material or threatens their privacy; and (4) security-sensitive users differ from general users in a number of ways, including feeling that digital-security advice is more useful in their day-to-day lives and relying heavily on their workplace as a source of security information. These and our other findings inform a set of design recommendations for enhancing the efficacy of digital-security advice.
    URI
    http://hdl.handle.net/1903/17328
    Collections
    • Technical Reports of the Computer Science Department

    DRUM is brought to you by the University of Maryland Libraries
    University of Maryland, College Park, MD 20742-7011 (301)314-1328.
    Please send us your comments.
    Web Accessibility
     

     

    Browse

    All of DRUMCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    LoginRegister
    Pages
    About DRUMAbout Download Statistics

    DRUM is brought to you by the University of Maryland Libraries
    University of Maryland, College Park, MD 20742-7011 (301)314-1328.
    Please send us your comments.
    Web Accessibility