This study explores the mental models of information security threats held by users who make security decisions about their home computers. A survey of a large representative sample of US Internet users revealed demographic differences in both beliefs about security and security behaviors. Many participants reported weakly held beliefs about viruses and hackers and were the least likely to take protective actions. The findings suggest that not all security knowledge is the same, and that educating users about security is not a straightforward issue. It also implies that not all users should receive the same messages.
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...