ta User Study PopJART: • Designed research proto- type tool that identifies attack websites with high probability • PopJART is an example security software that helps identify malicious websites. • Designing user interface routine to enhance risk awareness and self- efficacy . Interview: • In Part 1, participants answered self-efficacy and perceived risk questions. • In Part 2, participants viewed 8 websites and guessed whether those websites were safe or malicious and what criteria they used to make the decision. • In Part 3, PopJART was explained and they revisited the websites. After participants answered PopJART adoption questions. http://www.flickr.com/photos/mookies/90547700/lightbo x/ http://www.oprah.com/health/Your-Questions- Answered/5 Communicating Risk in Internet Security and Privacy (CRISP) Health Benefit Model (HBM): In this model, a target population’s likelihood to change their behavior is based on: • perceived susceptibility (perception of risk) • perceived severity • perceived benefits • perceived barriers (cues to action) • self-efficacy Security software interfaces should lead to behavior change. Why a Marginalized Community?: • Understanding the challenges in designing the user interfaces of security software • Targeting populations with • low-proficiency • limited access to computers and the internet • socio-economic hardship. Participants: • Advertised in a public computer lab run by a non- profit organization in a low- income neighborhood in SF. • Most of lab users live on social security and have low computer proficiency. Security software adoption Attacks on the Internet are highly sophisticated and hard for an average user to identify. Using security software is strongly recommended. How perceived risk and self-efficacy affect users’ behavior regarding Internet security “I’m extremely confident that I don’t know [how often I visit malicious websites].” Low self- efficacy affects perceived risk. 80% of those who thought they could differentiate safe and malicious websites said they would adopt PopJART. • Better self-efficacy may encourage security software adoption. 77% of those who thought malicious websites could cause harm just by visiting said they would adopt PopJART. Healthy User Behavior regarding Internet Security Perceived risk How susceptible I am to attacks on the Internet? The higher it is, the user is more likely to take cautions. Self-efficacy Am I competent to behave properly when I visit a malicious website? The higher self-efficacy is, the better. EJ Jung, Evelyn Y. Ho & Mark Sinclair University of San Francisco Hyewon Chung Chungnam National University Ongoing research with USF Undergraduates In our investigation we are observing a lower adoption rate. We hypothesize that participants with high self-efficacy and low perceived risk might be less likely to adopt the software. Perceived Risk and Self-Efficacy Regarding Internet Security in a Marginalized Community

CHI Poster draft for CARD 2015 03 30

Download PDF Report

Upload
mark-sinclair
View
64
Download
2

Embed Size (px)

Citation preview

Page 1: CHI Poster draft for CARD 2015 03 30

User Study

PopJART: • Designed research proto- type tool that identifies

attack websites with high probability

• PopJART is an example security software that helps identify malicious websites.

• Designing user interface routine to enhance risk awareness and self-efficacy .

Interview: • In Part 1, participants

answered self-efficacy and perceived risk questions.

• In Part 2, participants viewed 8 websites and guessed whether those websites were safe or malicious and what criteria they used to make the decision.

• In Part 3, PopJART was explained and they revisited the websites. After participants answered PopJART adoption questions.

http://www.flickr.com/photos/mookies/90547700/lightbox/

http://www.oprah.com/health/Your-Questions-Answered/5

Communicating Risk in Internet Security and

Privacy (CRISP)

Health Benefit Model (HBM): In this model, a target population’s likelihood to change their behavior is based on: • perceived susceptibility

(perception of risk) • perceived severity • perceived benefits • perceived barriers (cues to

action) • self-efficacy Security software interfaces should lead to behavior change. Why a Marginalized Community?: • Understanding the challenges

in designing the user interfaces of security software

• Targeting populations with • low-proficiency • limited access to

computers and the internet

• socio-economic hardship.

Participants: • Advertised in a public

computer lab run by a non-profit organization in a low-income neighborhood in SF.

• Most of lab users live on social security and have low computer proficiency.

Security software adoption

Attacks on the Internet are highly sophisticated and hard for an average user to identify. Using security software is strongly

recommended.

How perceived risk and self-efficacy affect users’ behavior regarding Internet security

“I’m extremely confident that I don’t know [how often I visit

malicious websites].” Low self-efficacy affects perceived risk.

80% of those who thought they could differentiate safe and malicious websites said they would adopt PopJART. • Better self-efficacy may

encourage security software adoption.

77% of those who thought

malicious websites could cause harm just by visiting said

they would adopt PopJART.

Healthy User Behavior regarding

Internet Security

Perceived risk

How susceptible I am to attacks on the Internet? The higher it is,

the user is more likely to take cautions.

Self-efficacy

Am I competent to behave properly when I visit a

malicious website? The higher self-efficacy is, the better.

EJ Jung, Evelyn Y. Ho & Mark Sinclair University of San Francisco

Hyewon Chung Chungnam National University

Ongoing research with USF Undergraduates

In our investigation we are observing a lower adoption rate. We hypothesize that participants with high self-efficacy and low perceived risk might be less likely to adopt the software.

Perceived Risk and Self-Efficacy Regarding Internet Security in a Marginalized Community