Integrating Facial Cues of Threat into Security Warnings – An fMRI and Field Study

Security risks often occur because insiders fail to react appropriately to security warnings, due to inattention to the warnings. This study extends security warning design research that has investigated the impact of different designs, including different symbols of threat such as yellow triangles and exclamation marks. This work uses media naturalness theory in an attempt to boost user engagement with security warnings. We integrated validated images of facial expressions depicting fear and disgust, which signaled an environmental threat, into a browser security warning. An fMRI study (N=23) revealed activity located in the right amygdala to be differentially associated among warnings with integrated expressions of fear, disgust, and neutral emotions compared to faceless stimuli. Behavioral measures of response time and self-reported attention were also supportive of the hypotheses. We also propose a follow-up field study using Mechanical Turk to corroborate the fMRI findings. Our work has implications for research and practice

A Picture vs. 1,000 Words: Threat Visualization and Verbalization in Information Security Fear Appeals

Fear appeals are messages designed to persuade individuals to adopt a recommended behavior by describing the danger associated with a particular threat. This paper focuses on the persuasive roles of threat-related images and text in information security fear appeals and describes a series of studies that use neurophysiological measures to investigate how a fear appeal’s threat verbalization and visualization drive emotion and cognition in order to motivate appropriate information security behavior

A Review on Cognitive Neuroscience in Information Security Behavior

NeuroIS is a hot topic of research in recent years, and cognitive neuroscience has found a new way to explain the underlying causes of human behavior in the field of information security research. By searching the research status of cognitive neuroscience in information security behavior research, we found that the number is gradually increasing, and the most frequently used neurocognitive tools are fMRI, EEG and eye tracking. Then a brief description of the application of each tool. Through combing the existing literature, it is found that cognitive neuroscience has become an important research subdomains in the information security behavior, and the research context has been clarified, which has provided guidance for subsequent research

Security Warning Messages Research: Past and Future

Research on the effects of IT security warning messages has increased in the last several years. Most studies empirically examining such warning messages chiefly focus on warning content and/or aesthetics and their effects on attention and/or behavior. Many of these studies cite the Communication-Human Information Processing (C-HIP) model as a foundation, yet this model includes other important and under-researched constructs, including perceptions of the source of a message, comprehension of a message, attitudes and beliefs, and fear. In this study, we performed a comprehensive literature review of empirically published studies on IT security warning messages. We propose a comprehensive theoretical model that entails both C-HIP and Protection Motivation Theory. We then categorize our catalog of IT security warning message research papers according to which propositions in our model have been previously studied. We focus specifically in this paper on those under-researched areas that provide opportunities for future research