Security Messages: Or, How I Learned to Stop Disregarding and Heed the Warning

Attacks on information security continue to be reported in the media, and result in large losses for organizations. While some attacks are the result of sophisticated threats, others can be traced to failures by organizational insiders to observe basic security policies such as using caution when opening unsolicited email attachments. Faced with the challenges and time demands of everyday stressors, security policy compliance can be costly for individuals; security actions require time and distract attention from other primary tasks. This costliness can lead individuals to ignore prompts to perform security updates, scan their computers for threats, or reboot their computers to apply security updates. This dissertation contains three studies that address the following overarching research question: How can end-user adherence to security messages be better understood and improved, and how can theory inform security-message design? First, two complementary studies are presented that examine the integration of media naturalness theory into a security message context using field study and fMRI designs. Study 1, the field study, unobtrusively captures objective measures of attention from Amazon Mechanical Turk users (N=510) as they perform a between-subjects deception protocol. Study 2, the fMRI study, examines neural activations from a within-subjects participant design (N=23) in response to different security message designs with integrated emotive human facial expressions. Data from studies 1 and 2 show that warnings with integrated facial expressions of threat (fear, disgust) generally elicited greater adherence rates and higher evidence of cognition and elaboration than did warnings with integrated neutral facial expressions or than did warnings with no integrated facial expressions, supporting our hypotheses. Study 3 explores the pattern of risk taking and analysis that users engage in when interacting with interruptive security messages. The corroboration of multiple behavioral dependent variables suggests that users predominantly use a bimodal risk tradeoff paradigm when interacting with interruptive security messages. All three studies address the overarching research question of understanding and improving end user adherence to security messages

Oocytes boxplot in the gamete recruitment period.

<p>Boxplot between reproductive and environmental parameters during the gamete recruitment period. Median (solid horizontal line), first and third quartiles (box outline), minimum and maximum values (whiskers) and outliers (circles). See <a href="http://www.plosone.org/article/info:doi/10.1371/journal.pone.0171051#pone.0171051.t002" target="_blank">Table 2</a> for n values.</p

Oocytes analyses.

<p>Oocytes analyses.</p

Spermaries analyses.

<p>Spermaries analyses.</p

Mean abundance, gonadal index, and diameter of spermaries in each population for both reproductive periods.

<p>Mean abundance, gonadal index, and diameter of spermaries in each population for both reproductive periods.</p

Schematic model of comparison between oocyte abundance and population density in <i>L</i>. <i>pruvoti</i> (non-zooxanthellate) and <i>B</i>. <i>europaea</i> (zooxanthellate) along the temperature gradient.

<p>Oocyte abundance during the gamete recruitment period (gray line) and the gamete maturity period (black line) in <i>L</i>. <i>pruvoti</i> (present study) and in <i>B</i>. <i>europaea</i> [<a href="http://www.plosone.org/article/info:doi/10.1371/journal.pone.0171051#pone.0171051.ref027" target="_blank">27</a>]. Population density (dashed line) in the same species [<a href="http://www.plosone.org/article/info:doi/10.1371/journal.pone.0171051#pone.0171051.ref023" target="_blank">23</a>].</p

Mean abundance, gonadal index, and diameter of oocytes in each population for both reproductive periods.

<p>Mean abundance, gonadal index, and diameter of oocytes in each population for both reproductive periods.</p

Mean annual depth temperature (DT; °C) and solar radiation (SR; W/m²) from the sampled populations.

<p>Mean annual depth temperature (DT; °C) and solar radiation (SR; W/m²) from the sampled populations.</p

Oocyte size-frequency distribution.

<p>Distribution of oocyte size during the gamete recruitment period (grey line) and gamete maturity period (black line). Site codes in increasing order of DT (°C): CL, Calafuria; LB, Elba Isle; GN, Genova; SC, Scilla; PL, Palinuro; PN, Pantelleria Isle.</p