ABSTRACT
The Security Behavior Intentions Scale (SeBIS) measures the computer security attitudes of end-users. Because intentions are a prerequisite for planned behavior, the scale could therefore be useful for predicting users' computer security behaviors. We performed three experiments to identify correlations between each of SeBIS's four sub-scales and relevant computer security behaviors. We found that testing high on the awareness sub-scale correlated with correctly identifying a phishing website; testing high on the passwords sub-scale correlated with creating passwords that could not be quickly cracked; testing high on the updating sub-scale correlated with applying software updates; and testing high on the securement sub-scale correlated with smartphone lock screen usage (e.g., PINs). Our results indicate that SeBIS predicts certain computer security behaviors and that it is a reliable and valid tool that should be used in future research.
- A. Acquisti and R. Gross. 2006. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. In Privacy Enhancing Technologies Workshop (PET '06) (Lecture Notes in Computer Science), Vol. 4258. Springer-Verlag, Berlin / Heidelberg, Germany, 36--58. Google ScholarDigital Library
- Icek Ajzen. 1991. The theory of planned behavior. Organizational behavior and human decision processes 50, 2 (1991), 179--211.Google Scholar
- Tom Buchanan, Carina Paine, Adam N Joinson, and Ulf-Dietrich Reips. 2007. Development of measures of online privacy concern and protection for use on the Internet. Journal of the American Society for Information Science and Technology 58, 2 (2007), 157--165. Google ScholarDigital Library
- Serge Egelman and Eyal Peer. 2015. Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS). In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, New York, NY, USA, 2873--2882. DOI: http://dx.doi.org/10.1145/2702123.2702249 Google ScholarDigital Library
- Serge Egelman, Janice Tsai, Lorrie Faith Cranor, and Alessandro Acquisti. 2009. Timing is Everything?: The Effects of Timing and Placement of Online Privacy Indicators. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '09). ACM, New York, NY, USA, 319--328. DOI: http://dx.doi.org/10.1145/1518701.1518752 Google ScholarDigital Library
- Ponnurangam Kumaraguru and Lorrie Faith Cranor. December, 2005. Privacy Indexes: A Survey of Westin's Studies. Technical Report Carnegie Mellon University-ISRI-5--138. Carnegie Mellon University. http://reports-archive.adm.cs. cmu.edu/anon/isri2005/abstracts/05--138.html.Google Scholar
- Naresh K. Malhotra, Sung S. Kim, and James Agarwal. 2004. Internet Users' Information Privacy Concerns (IUIPC): The Construct, The Scale, and A Causal Model. Information Systems Research 15, 4 (December 2004), 336--355. Google ScholarDigital Library
- Anandatirtha Nandugudi, Anudipa Maiti, Taeyeon Ki, Fatih Bulut, Murat Demirbas, Tevfik Kosar, Chunming Qiao, Steven Y. Ko, and Geoffrey Challen. 2013. PhoneLab: A Large Programmable Smartphone Testbed. In Proceedings of First International Workshop on Sensing and Big Data Mining (SENSEMINE'13). ACM, New York, NY, USA, Article 4, 6 pages. DOI: http://dx.doi.org/10.1145/2536714.2536718 Google ScholarDigital Library
- Donald A. Norman. 1986. Cognitive Engineering. In User Centered System Design: New Perspectives on Human-Computer Interaction, Donald A. Norman and Stephen W. Draper (Eds.). Lawrence Erlbaum Associates, London, Chapter 3, 31--62.Google Scholar
- Eyal Peer, Joachim Vosgerau, and Alessandro Acquisti. 2014. Reputation as a sufficient condition for data quality on Amazon Mechanical Turk. Behavior Research Methods 46, 4 (December 2014), 1023--1031.Google ScholarCross Ref
- Sören Preibusch. 2013. Guide to Measuring Privacy Concern: Review of Survey and Observational Instruments. International Journal of Human-Computer Studies 71, 12 (Dec. 2013), 1133--1143. DOI: http://dx.doi.org/10.1016/j.ijhcs.2013.09.002 Google ScholarDigital Library
- Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, and Richard Shay. 2015. Measuring Real-World Accuracies and Biases in Modeling Password Guessability. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 463--481. https: //www.usenix.org/conference/usenixsecurity15/ technical-sessions/presentation/ur Google ScholarDigital Library
Index Terms
- Behavior Ever Follows Intention?: A Validation of the Security Behavior Intentions Scale (SeBIS)
Recommendations
Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior
CHI '17: Proceedings of the 2017 CHI Conference on Human Factors in Computing SystemsComputer security tools usually provide universal solutions without taking user characteristics (origin, income level, ...) into account. In this paper, we test the validity of using such universal security defenses, with a particular focus on culture. ...
Predicting privacy and security attitudes
While individual differences in decision-making have been examined within the social sciences for several decades, this research has only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately ...
A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research
Usable privacy and security researchers have developed a variety of approaches to represent risk to research participants. To understand how these approaches are used and when each might be most appropriate, we conducted a systematic literature review of ...
Comments