This paper discusses the prevalent issue of users often dismissing security dialogs without much thought. Previous research has demonstrated that user responses to security dialogs become significantly more thoughtful when the dialogs are polymorphic, and further improvements can be achieved when the dialogs are audited and auditors penalize users for unreasonable responses. This paper presents an Operant Conditioning model that aligns with these observations and introduces Security Reinforcing Applications (SRAs). SRAs aim to reward users for secure behavior, as opposed to penalizing insecure behavior. User studies indicate that SRAs enhance users’ secure behaviors and that behaviors reinforced in this manner do not diminish even after several weeks of non-interaction with SRAs. Additionally, the paper proposes Vicarious Security Reinforcement (VSR), inspired by Social Learning theory. A user study shows that VSR speeds up the benefits of SRAs.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....