This paper discusses the challenges faced by home computer users in the United States, most of whom have little computer security knowledge or training. Despite this, they regularly make security-related decisions, often unknowingly, guided by their “mental models” of computer security. These models do not have to be technically correct to lead to desirable security behaviors. The authors argue that instead of expecting non-technical users to become more like computer security experts, more effective ways of helping them make good security decisions should be developed. They propose a research agenda aimed at learning how to shape the mental models of regular non-technical computer users.
The Impact of Workload on Phishing Susceptibility: An Experiment
Phishing is when social engineering is used to deceive a person into sharing sensitive information or downloading...