This paper discusses the challenges faced by home computer users in the United States, most of whom have little computer security knowledge or training. Despite this, they regularly make security-related decisions, often unknowingly, guided by their “mental models” of computer security. These models do not have to be technically correct to lead to desirable security behaviors. The authors argue that instead of expecting non-technical users to become more like computer security experts, more effective ways of helping them make good security decisions should be developed. They propose a research agenda aimed at learning how to shape the mental models of regular non-technical computer users.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....