Usable Security: Revealing End-Users Comprehensions on Security Warnings

Abstract: A security warning is a form of communication between user and computer that informs users of the risk of allowing random applications to run on the computer system. Security warnings are designed to notify, inform and advise users about the consequences of an action. However, computer users tend to ignore security warnings because of a lack of attention, failure to understand the meaning of the warnings, difficulty with the technical jargon used, lack of motivation, and habituation to security warnings. Therefore, an online survey of 156 participants was conducted to investigate and better understand users' general perceptions of security warnings. This paper describes two main findings obtained using the Chi-Square and Cramer's V tests. The findings suggest that in all three scenarios the results were not statistically significant. However, the results of the Cramer's V test presented a better outlook. The results indicate the need to look closely at each variable involved in the study sample in order to improve security warnings.
