Why Do They Do What They Do?: A Study of What Motivates Users to (Not) Follow Computer Security Advice.

ADL Registry is an instance of CORDRA. Anyone will be allowed to search the ADL Registry through a portal, but the access to find content may require local access privileges or authentication. ... What, then, do we mean by "openness" in open source, and why does it matter? ... What things a URI can not point to? ...

fatcat:wrl5jid2c5einh2icj3siqiefu

Not only are more people using computers, but they are using computers more. ... Yet, the security advice offered to users by security experts, service providers and government agencies is filled with advice that we know has no possibility of being followed. ...

doi:10.1109/msp.2013.134 fatcat:y3vhp5ddqfclnfb7r5frmwbbdy

confusion and undermined the prospect of a constructive approach to road safety. ... Using mobile phones and not using seatbelts have opposing consequences for other road users. ... The paper did not report why three different modes of investigation were used, nor the rationale for choosing between the three. ...

doi:10.1136/bmj.333.7560.202-b pmid:16858066 pmcid:PMC1513436 fatcat:c6r42dnooraz5nq4b63erc24d4

Past and current efforts to improve information-security practices and promote a sustainable society have not had the desired impact. ... Changing behaviour requires more than providing information about risks and reactive behaviours - firstly, people must be able to understand and apply the advice, and secondly, they must be motivated and ... Influence strategies People do not usually simply follow advice or instructions on how to behave online even if they come from an expert or a person of authority. ...

arXiv:1901.02672v1 fatcat:zsty4oypl5c6vmr2n4fvrq2d2i

In a recent study, we found that users may indeed compromise computer security mechanisms, such as password authentication, both knowing and unknowingly. ... We argue that to change this state of affairs, security departments need to communicate more with users, and adopt a usercentered design approach. ... Acknowledgements Thanks are due to the users who participated in the questionnaire and interview studies. ...

doi:10.1145/322796.322806 fatcat:onzy4c2ynneotbavtmtpbzcecu

the potential value of this economic exchange; they do not know what will be done with the information and do not grasp the full implications of consenting to release of information. 286 And yet the ... WHAT DOES "DO NOT TRACK" MEAN? ... a third party for processing. 371 An organization must use contractual or other means to provide a comparable level of protection while the information is being processed by a third party. 372 Given that ...

doi:10.2139/ssrn.1920505 fatcat:fifrwdkqbzhxtfm3ykupwecjkm

A theoretical framework is then developed depicting the mechanism that links knowledge attributes, self-efficacy, threat avoidance motivation that leads to users' threat avoidance behavior. ... One can argue self-efficacy is one of the most important determinants of individual's motivation in phishing threat avoidance behavior, which has co-relation with knowledge. ... The advice option is basically the caution to the player and will show a set of guidelines on how to avoid the mistakes and try not doing the same mistake again in future. ...

arXiv:1811.09024v1 fatcat:gekvz7bkkvdebeqlqw6lczqp44

However, end-users are not the only ones who have usability problems with passwords! Developers who are tasked with writing the code by which passwords are stored must do so securely. ... For end-users, many of these issues have been studied extensively, highlighting problems and informing design decisions for better policies and motivating research into alternatives. ... ACKNOWLEDGEMENTS This work was partially funded by the ERC Grant 678341: Frontiers of Usable Security. ...

doi:10.1145/3133956.3134082 dblp:conf/ccs/NaiakshinaDTHD017 fatcat:52h6yaecbjckbovqrncq2gdc6m

Multiple Versions

For interviewed device users, QSnatch infections lasted longer, so are apparently more difficult to get rid of, yet participants did not report experiencing difficulty in following notification instructions ... There is evidence that generic advice to device owners to address IoT malware can be successful, but this does not account for emerging forms of persistent IoT malware. ... Acknowledgments The authors would like to thank our anonymous reviewers for their feedback and suggestions to improve the quality of our manuscript. ...

arXiv:2203.01683v1 fatcat:nldja52yqzdyji6tgx36do5b7a

Open Access

This paper studies a small sample of 5 IT startups that offer services via the web, to determine to what extent they are aware of and can handle the OWASP top 10 threats. ... In a cut-throat world where time-to-market can be the difference between success and failure, it can be tempting for startups to think "let's get it to work first, and then we'll worry about security later ... The users are generating content in the form of Q/A, quizzes and discussions. What each user is allowed to do depends on the level of privileges. ...

doi:10.1109/cybersecpods.2018.8560666 dblp:conf/cybersecpods/SohoelJB18 fatcat:axp2k7ksz5c7xna247cphcooya

Much of the software engineering literature begins with an admonition that what practitioners are doing isn't enough-that the state-of-the-practice is creating bad software. ... This paper does not dispute this fact. However, we believe that what the software engineering literature offers as solutions is also not enough. ... The idea is that by breaking software, we learn about what it takes to fix it. Steve Atkin is a Software Engineer at IBM in Austin, Texas. ...

doi:10.1109/ms.2002.1020297 fatcat:2im5fuvtcncxtdw5nv7oplcccm

We analyze the types of drives users connected and survey those users to understand their motivation and security profile. We find that a drive's appearance does not increase attack success. ... We investigate the anecdotal belief that end users will pick up and plug in USB flash drives they find by completing a controlled experiment in which we drop 297 flash drives on a large university campus ... ACKNOWLEDGEMENTS The authors thank the University of Illinois Technology Services, especially Wayland Morgan, as well as the members of the University of Illinois Police Department and the Office of ...

doi:10.1109/sp.2016.26 dblp:conf/sp/TischerDFDMBB16 fatcat:wtbyig5j3vh4zdpicovtb4dx5m

While managers usually cite "poor reliability" of the forecasts as the reason for this, they are seldom able to demonstrate knowledge of the actual performance of forecasts or to consistently articulate ... the level of reliability that they would require. ... Notes 1 Probabilistic ENSO forecasting is a recent addition to a fairly wide range of tools that have been proposed to introduce stochastic processes into many aspects of water resource engineering and ...

doi:10.1007/s10584-005-3148-z fatcat:zjsjlfijc5ai5ekasbd5vvegam

They do not read a daily paper regularly and do not closely follow the daily news on television, even though they may catch it from time to time. Why is this the case? ... In our survey, respondents who do not follow the news regularly were asked why they do not pay more attention. Negative perceptions of politics were a prominent factor. ... Is the material framed in a sensational way or not? ...

doi:10.2139/ssrn.257395 fatcat:dzot2ar2abfnrcfjsqsz5kyfka

What aspect of social media do you want to look at, such as a marketing/persuasion tool, a means of motivating people, in terms of the impact of interaction/dialogue, why it is different from off-line ... This lack of a playbook to follow can make it feel daunting, but it gives us the freedom to try something different. What follows is a not a panacea for conducting research. ...

doi:10.4038/nsbmjm.v2i2.27 fatcat:kxbxphchvnbwxb3l355punmcbm

Open Educational Resources: What they are and why do they matter Report prepared for the OECD

Preserved Fulltext

More Is Not the Answer

Preserved Fulltext

Do not be fooled by photographs

Preserved Fulltext

Cyber Security Awareness Campaigns: Why do they fail to change behaviour? [article]

Preserved Fulltext

Users are not the enemy

Preserved Fulltext

To Track or 'Do Not Track': Advancing Transparency and Individual Control in Online Behavioral Advertising

Preserved Fulltext

Building Confidence not to be Phished through a Gamified Approach: Conceptualising User's Self-Efficacy in Phishing Threat Avoidance Behaviour [article]

Preserved Fulltext

Why Do Developers Get Password Storage Wrong?

Preserved Fulltext

Other Versions

Difficult for Thee, But Not for Me: Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware [article]

Preserved Fulltext

OWASP Top 10 - Do Startups Care?

Preserved Fulltext

Software engineering is not enough

Preserved Fulltext

Users Really Do Plug in USB Drives They Find

Preserved Fulltext

Weather Forecasts are for Wimps: Why Water Resource Managers Do Not Use Climate Forecasts

Preserved Fulltext

Doing Well and Doing Good

Preserved Fulltext

Conducting Research: what do you want to know? what do others say? and how to do it. Some Personal Reflections

Preserved Fulltext