An Assessment of Users' Cyber Security Risk Tolerance in Reward-Based Exchange

This study examines users’ risk-taking behavior in software downloads. We are interested in quantifying the degree of risks that users are willing to take in the cyber security context. We propose conducting an experiment using Amazon’s Mechanical Turk to assess the degree of risks that people are willing to take for monetary gains when they download software from uncertified sources.

[1]  Zhu Han,et al.  Improving Wireless Physical Layer Security via Cooperating Relays , 2010, IEEE Transactions on Signal Processing.

[2]  Kazuhisa Takemura,et al.  Influence of Elaboration on the Framing of Decision , 1994 .

[3]  Cheryl McCarty,et al.  Perceived Safety and Teen Risk Taking in Online Chat Sites , 2011, Cyberpsychology Behav. Soc. Netw..

[4]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[5]  Lorrie Faith Cranor,et al.  Decision strategies and susceptibility to phishing , 2006, SOUPS '06.

[6]  Lorrie Faith Cranor,et al.  A Framework for Reasoning About the Human in the Loop , 2008, UPSEC.

[7]  Louis Anthony Tony Cox,et al.  Some Limitations of “Risk = Threat × Vulnerability × Consequence” for Risk Analysis of Terrorist Attacks , 2008 .

[8]  A. Darwish,et al.  Eye tracking analysis of browser security indicators , 2012, 2012 International Conference on Computer Systems and Industrial Informatics.

[9]  Markus Jakobsson,et al.  Designing ethical phishing experiments: a study of (ROT13) rOnl query features , 2006, WWW '06.

[10]  Sanjay Goel,et al.  Got Phished? Internet Security and Human Vulnerability , 2017, J. Assoc. Inf. Syst..

[11]  Arun Vishwanath,et al.  Examining the Distinct Antecedents of E-Mail Habits and its Influence on the Outcomes of a Phishing Attack , 2015, J. Comput. Mediat. Commun..

[12]  A. Tversky,et al.  Prospect Theory : An Analysis of Decision under Risk Author ( s ) : , 2007 .

[13]  Heather Rosoff,et al.  Heuristics and biases in cyber security dilemmas , 2013, Environment Systems and Decisions.

[14]  Adrienne Porter Felt,et al.  Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness , 2013, USENIX Security Symposium.

[15]  F. P. Bresz People – Often the Weakest Link in Security, but One of the Best Places to Start , 2004 .

[16]  A. Tversky,et al.  Prospect theory: analysis of decision under risk , 1979 .

[17]  Fiona Fui-Hoon Nah,et al.  The Impact of Security Cues on User Perceived Security in e-Commerce , 2016, HCI.

[18]  A. Tversky,et al.  The framing of decisions and the psychology of choice. , 1981, Science.

[19]  Keng Siau,et al.  An Experimental Study on Ubiquitous commerce Adoption: Impact of Personalization and Privacy Concerns , 2008, J. Assoc. Inf. Syst..

[20]  A. Tversky,et al.  Evidential impact of base rates , 1981 .

[21]  Ryan T. Wright,et al.  Research Note - Influence Techniques in Phishing Attacks: An Examination of Vulnerability and Resistance , 2014, Inf. Syst. Res..

[22]  Lorrie Faith Cranor,et al.  You've been warned: an empirical study of the effectiveness of web browser phishing warnings , 2008, CHI.

[23]  Mathias Ekstedt,et al.  Investigating personal determinants of phishing and the effect of national culture , 2015, Inf. Comput. Secur..

[24]  Ninghui Li,et al.  Influence of Risk/Safety Information Framing on Android App-Installation Decisions , 2015 .

[25]  Philip Bobko,et al.  Contextual effects on escalation processes in public sector decision making , 1986 .

[26]  Sunny Consolvo,et al.  Improving SSL Warnings: Comprehension and Adherence , 2015, CHI.

[27]  Ponnurangam Kumaraguru,et al.  Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions , 2010, CHI.