I Downloaded What?: An Examination of Computer Security Decisions

Abstract

Computer users are faced with seemingly minor security decisions on a daily basis. While much is known about decision-making in general, less is known about decision-making in the context of computer security. In the current experiment, 56 relatively knowledgeable computer users completed a decision-making task that included 24 scenarios which varied in terms of decision domain (computer vs. non-computer), risk (high vs. low), and gain-to-loss ratio (high gains/low losses, equal gains/losses, low gains/high losses). Results indicated that there was no difference between computer and non-computer decisions when risk and gain-to-loss ratio were held constant. However, these decision factors did interact to differentially influence decisions within each of these domains. Perception of risk greatly impacted computer decisions whereas the gain-to-loss ratio seemed to have a larger influence on the non-computer decisions. Potential directions for computer security software design, user training, and future research are discussed.

Get full access to this article

View all access options for this article.

References

Goldstein

W. M.

Hogarth

R. M.

(1997). Research on judgment and decision-making: Currents, connections, and controversies. Cambridge, UK: Cambridge University Press.

Milne

G. R.

Rohm

A. J.

Bahl

(2004). Consumers' protection of online privacy and identity. The Journal of Consumer Affairs, 38(2), 217–232.

Miyazaki

A. D.

Fernandez

(2001). Consumer perceptions of privacy and security risks for online shopping. The Journal of Consumer Affairs, 35(1), 27–44.

Schneier

(2000). Secrets and Lies: Digital Security in a Networked World. New York: Wiley & Sons.

Schultz

E. E.

Proctor

R. W.

Lien

M. C.

Salvendy

(2001). Usability and security: An appraisal of security issues in information security methods. Computers and Security, 20 (7), 620–634.

Smetters

D. K.

Grinter

R. E.

(2002). Moving from the design of usable security technologies to the design of useful secure applications. New Security Paradigms Workshop, Virginia Beach, 23–28 September 2002, pp. 82–89. New York: ACM Press.

Tversky

Kahneman

(1981). The framing of decisions and the Psychology of choice. Science, 211(4481), 453–458.

Wogalter

M. S.

Mayhorn

C. B.

(2005). Providing cognitive support with technology-based warning systems. Ergonomics, 48(5), 522–533.

Yee

K.P.

(2002). User interaction design for secure systems. Proceedings of the 4th International Conference on Information and Communications Security, Singapore, 9–12 December 2002, pp. 278–290. London: Springer-Verlag.

10.

Zurko

M. E.

Simon

R. T.

, (1997). User-Centered Security. New Security Paradigms Workshop, Lake Arrowhead, 17–20 September 1997, pp. 27–33. New York: ACM Press.