Recognising and addressing ‘security fatigue’

Furnell, Steven; Thomson, Kerry-Lynn

doi:10.1016/s1361-3723(09)70139-3

Cited by 70 publications

(55 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Stories can be used to encode technical knowledge as they combine events, facts, and experiences within the context of specific situations, making the information more accessible and memorable (Hayne, 2009). Game mechanics that encompass role-plays and storylines can improve learning outcomes by increasing motivation, interest, relatedness, and autonomy (Frost et al, 2015). The use of storytelling in security gamification can also stimulate curiosity and challenge users (Kapp, 2012).…”

Section: Gamified Seta Artefact: Interactive Storytellingmentioning

confidence: 99%

Choose your own training adventure: designing a gamified SETA artefact for improving information security and privacy through interactive storytelling

Dincelli

Chengalur-Smith

2020

European Journal of Information Systems

View full text Add to dashboard Cite

Online self-disclosure (OSD) on social networking sites can leave individuals and organisations vulnerable to security threats. Following a design science research (DSR) method, we created a gamified, "choose your own adventure" style security education, training, and awareness (SETA) artefact using two formats: text and visual. Both artefacts were designed to identify the security threats that trainees are most susceptible to, debrief them about the threat and its potential consequences, and facilitate behaviour change by letting trainees re-evaluate their decisions. Using a longitudinal randomised controlled experiment, we compared these two artefacts to no intervention and traditional security warning emails by assessing both instrumental (changes in attitudes, intentions, and OSD behaviour) and experiential (memorability and user experience) outcomes. Our survey of 1,718 employees showed that the text-based artefact was better at improving instrumental outcomes, and the visual-based artefact was better at improving experiential outcomes. This study provides a more granular understanding of the linkages between technology artefacts and human experiences through the application of design science thinking. The findings contribute to DSR by developing design principles, testable propositions, and realistic performance evaluation metrics for gamified SETA artefacts, and present practical recommendations for regulating employees' information security and privacy behaviours inside and outside the workplace.

show abstract

Section: Gamified Seta Artefact: Interactive Storytellingmentioning

confidence: 99%

Choose your own training adventure: designing a gamified SETA artefact for improving information security and privacy through interactive storytelling

Dincelli

Chengalur-Smith

2020

European Journal of Information Systems

View full text Add to dashboard Cite

show abstract

“…When attempting to raise security Your knowledge in computer security is strong awareness, there are typically a number of issues users experience, namely long-term retention, long term behavioural change and security fatigue. The term "security fatigue" is linked to security awareness, highlighting that even though there are programmes to educate people about security, people may still fail to engage with the good practice they have been taught [33]. Essentially, users can tire of being bombarded with security information and may reject the advice they have been given [34].…”

Section: Fig 2 Participants' Self-reported Knowledge Of Computer Sementioning

confidence: 99%

Gamification Techniques for Raising Cyber Security Awareness

Scholefield

Shepherd

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users often do not know how to make their online interactions secure, which demonstrates an educational need in this area. Gamification has grown in popularity in recent years and has been used to teach people about a range of subjects. This paper presents an exploratory study investigating the use of gamification techniques to educate average users about password security, with the aim of raising overall security awareness. To explore the impact of such techniques, a role-playing quiz application (RPG) was developed for the Android platform to educate users about password security. Results gained from the work highlighted that users enjoyed learning via the use of the password application, and felt they benefitted from the inclusion of gamification techniques. Future work seeks to expand the prototype into a full solution, covering a range of security awareness issues.

show abstract

“…For example, although public Wi-Fi can be insecure, a person might still use it to send an urgent email. Security fatigue [40] describes the cognitive load users face in following security, and a similar concept might exist for privacy. While privacy can still be aspired to as a principle, it is often sacrificed due to practical necessity.…”

Section: E the Opinion-action Disparitymentioning

confidence: 99%

Privacy is the Boring Bit: User Perceptions and Behaviour in the Internet-of-Things

Williams

Nurse

Creese

2017

2017 15th Annual Conference on Privacy, Security and Trust (PST)

View full text Add to dashboard Cite

In opinion polls, the public frequently claim to value their privacy. However, individuals often seem to overlook the principle, contributing to a disparity labelled the 'Privacy Paradox'. The growth of the Internet-of-Things (IoT) is frequently claimed to place privacy at risk. However, the Paradox remains underexplored in the IoT. In addressing this, we first conduct an online survey (N = 170) to compare public opinions of IoT and less-novel devices. Although we find users perceive privacy risks, many still decide to purchase smart devices. With the IoT rated less usable/familiar, we assert that it constrains protective behaviour. To explore this hypothesis, we perform contextualised interviews (N = 40) with the public. In these dialogues, owners discuss their opinions and actions with a personal device. We find the Paradox is significantly more prevalent in the IoT, frequently justified by a lack of awareness. We finish by highlighting the qualitative comments of users, and suggesting practical solutions to their issues. This is the first work, to our knowledge, to evaluate the Privacy Paradox over a broad range of technologies.

show abstract

Recognising and addressing ‘security fatigue’

Cited by 70 publications

References 1 publication

Choose your own training adventure: designing a gamified SETA artefact for improving information security and privacy through interactive storytelling

Choose your own training adventure: designing a gamified SETA artefact for improving information security and privacy through interactive storytelling

Gamification Techniques for Raising Cyber Security Awareness

Privacy is the Boring Bit: User Perceptions and Behaviour in the Internet-of-Things

Contact Info

Product

Resources

About