Published: February 26, 2017
Author(s)
Mary Theofanos (NIST), Brian Stanton (NIST), Susanne Furman (NIST), Sandra Spickard Prettyman (NIST), Simson Garfinkel (NIST)
Conference
Name: NDSS Symposium 2017
Dates: 02/26/2017 - 03/01/2017
Location: San Diego, California, United States
Online security experiences, perceptions, and behaviors are key to understanding users security practices. Users express that they are concerned about online security, but they also express frustration in navigating the often confusing and mentally taxing cybersecurity world. This paper examines the differences in cybersecurity perception and behavior between cybersecurity experts in the US Government as contrasted with non-experts. The experts represent a very select group within United States Government Agencies who are directly responsible for cybersecurity guidance for the Federal Government. We used a semi-structured interview protocol to collect data from 23 experts and 21 non-experts. Interview questions addressed experiences, beliefs, and behaviors with respect to online security. Qualitative data techniques were used to code and analyze the data identifying themes related to the similarities and differences in expert and non-expert perceptions of and experiences with cybersecurity. The experts as a group don't trust, develop plans and are proactive in their approach to online security and see security as a personal challenge rather than a risky and potentially disrupting experience. In contrast, our non-experts trust too much, don't develop plans, and experience security with anxiety and fear.
Online security experiences, perceptions, and behaviors are key to understanding users security practices. Users express that they are concerned about online security, but they also express frustration in navigating the often confusing and mentally taxing cybersecurity world. This paper examines...
See full abstract
Online security experiences, perceptions, and behaviors are key to understanding users security practices. Users express that they are concerned about online security, but they also express frustration in navigating the often confusing and mentally taxing cybersecurity world. This paper examines the differences in cybersecurity perception and behavior between cybersecurity experts in the US Government as contrasted with non-experts. The experts represent a very select group within United States Government Agencies who are directly responsible for cybersecurity guidance for the Federal Government. We used a semi-structured interview protocol to collect data from 23 experts and 21 non-experts. Interview questions addressed experiences, beliefs, and behaviors with respect to online security. Qualitative data techniques were used to code and analyze the data identifying themes related to the similarities and differences in expert and non-expert perceptions of and experiences with cybersecurity. The experts as a group don't trust, develop plans and are proactive in their approach to online security and see security as a personal challenge rather than a risky and potentially disrupting experience. In contrast, our non-experts trust too much, don't develop plans, and experience security with anxiety and fear.
Hide full abstract
Keywords
cybersecurity; federal government; qualitative methods; user behaviors; usability
Control Families
None selected