- Adams, A. and Sasse, A.S. Users are not the enemy. Commun. ACM 42, (1999) 40--46. Google ScholarDigital Library
- Borgida, E., and Nisbett, R.E. The differential impact of abstract vs. concrete information on decisions. J. Applied Social Psychology 7 (1977) 258--271.Google ScholarCross Ref
- Dhamija, R., Tygar, J.D., and Hearst, M. Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montreal, Quebec, Canada, Apr. 22--27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. ACM, New York, 581--590. Google ScholarDigital Library
- Downs, J.S., Holbrook, M., and Cranor, L.F. Behavioral response to phishing risk. In Proceedings of the Anti-Phishing Working Groups 2nd Annual Ecrime Researchers Summit (Pittsburgh, PA, Oct. 4--5, 2007). ACM, New York, 37--44. Google ScholarDigital Library
- Greenwald, S.J., Olthoff, K.G., Raskin, V., and Ruch, W. The user non-acceptance paradigm: INFOSEC's dirty little secret. New Security Paradigms Workshop, 35--43. ACM, New York. Google ScholarDigital Library
- Slovic, P., Fischhoff, B., and Lichtenstein, S. Facts versus fears: Understanding perceived risks. Judgment under Uncertainty: Heuristics and Biases. D. Kahneman, P. Slovic, and A. Tversky, eds. Cambridge University Press, New York, 1986, 463-489.Google Scholar
- Smetters, D.K. and Grinter, R.E. Moving from the design of usable security technologies to the design of useful secure applications. New Security Paradigms Workshop. ACM, New York, 2002, 82--89. Google ScholarDigital Library
- Tversky, A. and Kahneman, D. Rational choice and the framing of decisions. J. Business 59 (1986), 251--278.Google ScholarCross Ref
- Whitten, A. and Tygar J.D. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium (1999). USENIX Association, Berkeley, CA, 169--184. Google ScholarDigital Library
- Wright, P. The harassed decision maker: Timer pressure, distractions, and the use of evidence. J. Applied Psychology 59, (1974), 555--561.Google ScholarCross Ref
- Yee, K.P. User interaction design for secure systems. Proceedings of the 4th International Conference on Information and Communications Security. Springer-Verlag, London, 2002. Google ScholarDigital Library
- Zurko, M.E. and Simon, R.T. User-centered security. New Security Paradigms Workshop. ACM, New York, 27--33. Google ScholarDigital Library
Index Terms
- The psychology of security
Recommendations
Labeling-in Security
Using exams to create labels for our workforce might sound like a way to get more trustworthy systems, but it's not. If it walks like a duck, quacks like a duck, and looks like a duck, then there's good reason to believe that it's a duck. But you don't ...
Composing Security Metrics
Security ProtocolsI have to apologise that, having been asked to set the pace, I have done something inadvertently terrible: I have prepared a presentation and a paper that's approximately in keeping with the theme of the workshop; that is entirely an accident, I have ...
From security protocols to systems security
Proceedings of the 11th international conference on Security ProtocolsPekka Nikander: Do you have any feeling for how much of this system you can model?
Reply: It's a moveable feast: you can choose the boundary. But if you don't have any boundary at all then I don't think you've got enough context...you need to talk about ...
Comments