User Modelling Validation over the Security Awareness of Digital Natives

Young generations make extensive use of mobile devices, such as smartphones, tablets and laptops, for a variety of daily tasks with potentially critical impact, while the number of security breaches via portable devices increases exponentially. A plethora of security risks associated with these devices are induced by design shortcomings and vulnerabilities related to user behavior. Therefore, deploying suitable risk treatments requires investigating how security experts perceive digital natives (young people born in the digital era) when they apply user behavior models in the design and analysis of related systems. In this article, we present the results of a survey performed across a multinational sample of security professionals, and compare them with our earlier study of the security awareness of digital natives. Through this study, we seek to identify divergences between user behavior and the conceptual user models that security experts utilize in their professional tasks. Our results indicate that the experts' understanding of user behavior does not follow a solidified user model, while influences from personal perceptions and randomness are also noticeable.
