Habituation effects in computer security warning

ABSTRACT

Security warning is a form of computer dialog communication that is used to inform the users on the risks of allowing random applications to run on a computer system. Accordingly, it is specifically designed to impersonate a legitimate security alerting function (e.g., notify, warn and advice) to a user about the consequence effect of an action. However, most of the computer users tend to ignore those security warnings conveying the same message over and over again. This eventually leads to habituation. Considering the fact that there is a significant lack of focus been paid to address this issue, the main objective of this paper is to describe and summarize the related studies on users’ habituation to the security warnings. This paper presents a systematic literature review to explore the current key issues, challenges and the possible solutions related to habituation effects in security warnings. It is expected that this paper could contribute to a more complete understanding of the habituation effects in security warnings and eventually bring benefits to the research communities or general publics.     

How users perceive and respond to security messages: a NeuroIS research agenda and empirical study

Users are vital to the information security of organizations. In spite of technical safeguards, users make many critical security decisions. An example is users’ responses to security messages – discrete communication designed to persuade users to either impair or improve their security status. Research shows that although users are highly susceptible to malicious messages (e.g., phishing attacks), they are highly resistant to protective messages such as security warnings. Research is therefore needed to better understand how users perceive and respond to security messages. In this article, we argue for the potential of NeuroIS – cognitive neuroscience applied to Information Systems – to shed new light on users’ reception of security messages in the areas of (1) habituation, (2) stress, (3) fear, and (4) dual-task interference. We present an illustrative study that shows the value of using NeuroIS to investigate one of our research questions. This example uses eye tracking to gain unique insight into how habituation occurs when people repeatedly view security messages, allowing us to design more effective security messages. Our results indicate that the eye movement-based memory (EMM) effect is a cause of habituation to security messages – a phenomenon in which people unconsciously scrutinize stimuli that they have previously seen less than other stimuli. We show that after only a few exposures to a warning, this neural aspect of habituation sets in rapidly, and continues with further repetitions. We also created a polymorphic warning that continually updates its appearance and found that it is effective in substantially reducing the rate of habituation as measured by the EMM effect. Our research agenda and empirical example demonstrate the promise of using NeuroIS to gain novel insight into users’ responses to security messages that will encourage more secure user behaviors and facilitate more effective security message designs.     

浅析提升windows系统安全的有效策略

windows系统是目前使用最广泛的计算机操作系统,该系统的一些默认配置如果不经用户的自行修改往往会产生很多不安全因素,比如更容易崩溃、中病毒或木马、被不法分子窥取您的资料等.本文在分析造成windows系统不安全原因的基础上,提出一些有效提升该系统安全性能的有效策略.     

计算机网络安全分析研究

计算机网络安全问题是关乎网络健康发展的重要前提,随着计算机网络在各个行业领域的深入渗透,人们对网络的依赖程度正在日益加深。网络的迅速发展,随之出现的网络安全问题也接踵而来。网络技术与人类社会生活已经息息相关,时刻影响并改造着人们的生活,由此可见,确保计算机网络安全显得十分重要。本文针对计算机网络安全产生的原因以及目前计算机网络安全所面临的威胁因素进行了分析,并提出了计算机网络安全的具体防护措施和有效方案,诣在提高计算机网络安全。     

计算机网络安全与防范

随着网络技术的不断完善更新,信息化已经成为了人类进步的一种发展趋势,但是信息化的网络社会,无疑又给计算机网络的安全问题带来了新的挑战.因此,对于计算机网络安全的探讨,便成了网络界一个热议的话题.本文通过对影响网络安全的一些主要原因进行分析,重点提出了相关的应对措施,以此来提高广大计算机用户的网络安全防范意识.     

保护您的数据

随着计算机的普及,计算机上数据已经成为比计算机本身还要宝贵的资源,提高数据的安全性和可用性成为计算机技术需要解决的重要问题之一。作为普通的计算机使用者如何更好的保护自己计算机的数据是大部分计算机用户所关心的技术,本文从普通用户的角度来探讨保护计算机上数据的有效的、可行的方案。     

数据加密技术在计算机安全中的应用分析

在经济社会飞速发展的今日,网络计算机已经成为人们工作生活的重要工具。网络的发展在给人们的工作生活带来便利的同时,也催生出了大量的网络黑客、计算机病毒,对计算机用户的信息安全带来极大的安全隐患。因此,进一步提高数据信息的保密性是当前计算机行业发展亟待解决的问题,本文章就数据加密技术在计算机安全中的应用做一浅显分析。     

数据加密技术在计算机安全中的应用

随着计算机网络技术的不断发展,计算机互联网在人们的生活中应用越来越广泛,网络安全问题也随之而来。目前的计算机安全存在着诸多因素的威胁,研究人员也在致力于这方面的研究与发展,应用先进的技术来保证计算机安全,为计算机用户的信息安全提供更高的保障。本文将针对计算机安全问题进行分析,探讨数据加密技术在计算机安全中的应用。     

用户数据的安全与防护

该文从四个方面分析了对用户数据安全的威胁:存贮介质损坏、病毒破坏、误操作和人为破坏,并针对目前计算机数据存在的安全威胁提出安全防护措施和拯救措施,以期广大用户能更好的保护数据。     

硬件支持的安全体系结构研究

当前，计算的安全性变得日益重要，而安全现状却变得越来越严重。为此，我们需要从计算机体系结构的层次尤其是在底层硬件基础上寻求更根本的安全解决方法。本文综合评价了若干有代表性的硬件支撑的安全体系结构，分析了其积极的效果和存在的问题。基于上述分析，提出了一种硬件支持的、独立于操作系统且由用户自我决断的安全体系
系结构。     

计算机使用安全的解决方案的探索

该文针对大多数没有计算机专业知识的使用者,探讨了计算机安全问题的原因,并给出计算机安全使用、避免损失的方法。     

计算机使用安全的解决方案的探索

该文针对大多数没有计算机专业知识的使用者,探讨了计算机安全问题的原因,并给出计算机安全使用、避免损失的方法。     

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.     

SSL VPN技术在计算机教学资源网络中的应用

本文首先对计算机教学资源网络面临的安全风险进行分析,接着简要介绍了SSL VPN技术的基本原理,由于传统的安全设备不能解决计算机教学资源网络中用户或者设备的身份认证问题、机密性问题、不可否认性问题等,针对这些问题,把SSL VPN技术运用于计算机教学资源网络,设计了一个多层次纵深的计算机教学资源网络安全防护系统,该系统具有安全性较高、高可用性、移动办公方便,访问控制严格的特点,并具有保密性、身份认证、不可否认性等特点。     

计算机网络安全及其防范对策

信息化时代的到来,网络的规模日趋增大,计算机用户数量也在急剧攀升,同时,一系列问题也逐渐显现了出来,又由于网络的大面积覆盖,造成计算机信息共享的同时,同时带来了一系列计算机网络安全问题.计算机安全问题已经成为社会公众的关注的焦点,对于此项问题需要多加关注,认真对待,采取合理适当的措施.对于此,本文对于计算机网络安全做了如下研究,同时对于其防范措施也进行了相关说明.     

“数字化校园”建设面临的网络风险与应对策略

作为"数字化校园"建设依托的基础平台,高校校园网有区别与其它企业网络的特殊性。面临着来自内部和外部的各类威胁。全局安全联动技术通过对入网用户主机信息的收集、安全性检查等措施将安全事件的预警、发现和处理工作集成到一个系统中,以多个安全子系统协同工作的方式实现了全局网络安全的目的,实现主动防御、自动修复、全局联动的功能。     

网络环境下企业计算机信息系统安全策略研究

计算机信息系统安全是保障企业计算机硬件、软件不因偶然和恶意的原因而遭到破坏、更改和泄露.论述了企业计算机信息系统安全的重要性,分析了企业计算机信息系统安全的基本要求,提出企业应在计算机硬件与环境、操作系统、网络、数据库和应用系统等方面采取有效策略,确保企业信息系统的安全.     

计算机网络安全新问题及对策研究

计算机网络安全问题和网络犯罪不断出现,使网络使用者对关于计算机网络安全的探讨也越来越重视。本文针对计算机网络安全方面存在的问题,通过对信息泄露的途径、网络攻击手段的分析,探讨了计算机网络的安全管理,提出了计算机网络安全防范的措施。     

Understanding Perceived Trust to Reduce Regret

Trust is fundamental for promoting the use of online services, such as e‐commerce or e‐health. Understanding how users perceive trust online is a precondition to create trustworthy marketplaces. In this article, we present a domain‐independent general trust perception model that helps us to understand how users make online trust decisions and how we can help them in making the right decisions, which minimize future regret. We also present the results of a user study describing the weight that different factors in the model (e.g., security, look&feel, and privacy) have on perceived trust. The study identifies the existence of a positive correlation between the user's knowledge and the importance placed on factors such as security and privacy. This indicates that the impact factors as security and privacy have on perceived trust is higher in users with higher knowledge.