TY - CHAP
T1 - Mental Models – General Introduction and Review of Their Application to Human-Centred Security.
AU - Volkamer, Melanie
AU - Renaud, Karen
PY - 2015
Y1 - 2015
N2 - The human-centred security research area came into being about fifteen years ago, as more and more people started owning their own computers, and it became clear that there was a need for more focus on the non-specialist computer user. The primary attitude fifteen years ago, in terms of how these new users were concerned, was one of exasperation and paternalism. The term “stupid user” was often heard, often muttered sotto voce by an IT specialist dealing with the aftermath of a security incident. A great deal of research has been published in this area, and after pursuing some unfruitful avenues a number of eminent researchers have started to focus on the end-user’s perceptions and understandings. This has come from a realisation that end users are not the opponents, but rather allies in the battle against those carrying out nefarious activities. The most promising research direction currently appears to be to focus on mental models, a concept borrowed from the respected and long-standing field of Psychology and, in particular, cognitive science. The hope is that if we understand the end-user and his/her comprehension of security better, we will be able to design security solutions and interactions more effectively. In this paper we review the research undertaken in this area so far, highlight the limitations thereof, and suggest directions for future research.
AB - The human-centred security research area came into being about fifteen years ago, as more and more people started owning their own computers, and it became clear that there was a need for more focus on the non-specialist computer user. The primary attitude fifteen years ago, in terms of how these new users were concerned, was one of exasperation and paternalism. The term “stupid user” was often heard, often muttered sotto voce by an IT specialist dealing with the aftermath of a security incident. A great deal of research has been published in this area, and after pursuing some unfruitful avenues a number of eminent researchers have started to focus on the end-user’s perceptions and understandings. This has come from a realisation that end users are not the opponents, but rather allies in the battle against those carrying out nefarious activities. The most promising research direction currently appears to be to focus on mental models, a concept borrowed from the respected and long-standing field of Psychology and, in particular, cognitive science. The hope is that if we understand the end-user and his/her comprehension of security better, we will be able to design security solutions and interactions more effectively. In this paper we review the research undertaken in this area so far, highlight the limitations thereof, and suggest directions for future research.
KW - mental models
KW - risk communication
KW - general introduction
KW - security mechanism
KW - secure connection
U2 - 10.1007/978-3-642-42001-6_18
DO - 10.1007/978-3-642-42001-6_18
M3 - Chapter
SN - 9783642420009
VL - 8260
T3 - Lecture Notes in Computer Science book series
SP - 255
EP - 280
BT - Number Theory and Cryptography
A2 - Fischlin, Marc
A2 - Katzenbeisser, Stefan
PB - Springer
CY - Berlin
ER -