How users perceive and respond to security messages: a NeuroIS research agenda and empirical study

نویسندگان

  • Bonnie Brinton Anderson
  • Anthony Vance
  • C. Brock Kirwan
  • David Eargle
  • Jeffrey L. Jenkins
چکیده

Received: 2 March 2014 Revised: 2 November 2015 Accepted: 10 November 2015 Abstract Users are vital to the information security of organizations. In spite of technical safeguards, users make many critical security decisions. An example is users’ responses to security messages – discrete communication designed to persuade users to either impair or improve their security status. Research shows that although users are highly susceptible to malicious messages (e.g., phishing attacks), they are highly resistant to protective messages such as security warnings. Research is therefore needed to better understand how users perceive and respond to security messages. In this article, we argue for the potential of NeuroIS – cognitive neuroscience applied to Information Systems – to shed new light on users’ reception of security messages in the areas of (1) habituation, (2) stress, (3) fear, and (4) dual-task interference. We present an illustrative study that shows the value of using NeuroIS to investigate one of our research questions. This example uses eye tracking to gain unique insight into how habituation occurs when people repeatedly view security messages, allowing us to design more effective security messages. Our results indicate that the eye movement-based memory (EMM) effect is a cause of habituation to security messages – a phenomenon in which people unconsciously scrutinize stimuli that they have previously seen less than other stimuli. We show that after only a few exposures to a warning, this neural aspect of habituation sets in rapidly, and continues with further repetitions. We also created a polymorphic warning that continually updates its appearance and found that it is effective in substantially reducing the rate of habituation as measured by the EMM effect. Our research agenda and empirical example demonstrate the promise of using NeuroIS to gain novel insight into users’ responses to security messages that will encourage more secure user behaviors and facilitate more effective security message designs. European Journal of Information Systems advance online publication, 23 February 2016; doi:10.1057/ejis.2015.21

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Users Aren't (Necessarily) Lazy: Using NeuroIS to Explain Habituation to Security Warnings

Warning messages are one of the last lines of defense in information security, and are fundamental to users’ security interactions with technology. Unfortunately, research shows that users routinely ignore security warnings. A key contributor to this disregard is habituation, the diminishing of attention through frequent exposure. However, previous research has examined habituation indirectly b...

متن کامل

On the Use of Neuropyhsiological Tools in IS Research: Developing a Research Agenda for NeuroIS

This article discusses the role of commonly-used neurophysiological tools such as psychophysiological tools (e.g., EKG, eye tracking) and neuroimaging tools (e.g., fMRI, EEG) in Information Systems (IS) research. There is heated interest now in the social sciences in capturing presumably objective data directly from the human body, and this interest in neurophysiological tools has also been gai...

متن کامل

Mass Media vs. the Mass of Media: A Study on the Human Nodes in a Social Network and their Chosen Messages

In Internet-based social networks, the nodes have the most pivotal role in the processes and outcomes of the networks. Whether they pay attention to a message in the network or ignore it defines the fate of the message. One message is shared and re-shared by millions of users and another is left forgotten. The current study tries to shed light on one aspect of the role of the users in a social ...

متن کامل

Users as the Biggest Threats to Security of Health Information Systems

There are a lot of researches in the world about attacks on information systems (IS). Although there have been many attempts to classify threats of IS’s especially in Health Information Systems (HIS), it is still necessary for all health organization to identify new threats and their sources which threaten security of health care domain. The main aim of this paper is to present a research agend...

متن کامل

Affecting User Behaviour and Experience with Music: A Research Agenda

Research into auditory interaction within a human-computer interaction (HCI) context has focused predominantly on using sounds to communicate information to users in the form of short, auditory messages. We propose that music could be included in interactive technologies with the objective of affecting users’ behaviour and their experiences, rather than simply to communicate information. This p...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • EJIS

دوره 25  شماره 

صفحات  -

تاریخ انتشار 2016