One of the largest preventable sources of computer compromise is old software that has not been updated with the latest security-related updates. Security updates correct known vulnerabilities in software and protect the computer from future attacks. However, users do not always choose to install updates; instead, they avoid or delay installation, placing their computers and data at an increased risk of of harm. Our research explores different mental models users have regarding software updates and connects those models to the past update behavior of participants. We used a multi-method approach to collect interview, survey, and computer log data from 37 Windows 7 users. We analysed the qualitative data to understand how people conceptualized updates, and made decisions regarding them. We observed a disconnect between participants’ understanding of update behavior and reality. Issues such as locus of control, and the unknown consequences of updating software negatively impacted update behavior.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....