Abstract
Behavior-change interventions are common in some areas of human-computer interaction, but rare in the domain of cybersecurity. This paper introduces a structured approach to working with organisations in order to develop such behavioral interventions or ‘nudges’. This approach uses elements of co-creation together with a set of prompts from the behavior change literature (MINDSPACE) that allows resesarchers and organisational stakeholders to work together to identify a set of nudges that might promote best behavioral practice. We describe the structured approach or framework, which we call SCENE, and follow this description with a worked example of how the approach has been utilised effectively in the development of a nudge to mitigate insecure behaviors around selection of wireless networks.
Chapter PDF
Similar content being viewed by others
Keywords
References
NCSA (2012). 2012 NCSA / Symantec National Small Business Study. National Cyber Security Alliance, Symantec, JZ Analytics (October 2012)
Abraham, C., Michie, S.: A taxonomy of behavior change techniques used in interventions. Health Psychology 27(3), 379–387 (2008)
Ashford, W.: IT security awareness needs to be company-wide, says (ISC)2 (2012), http://www.computerweekly.com/news/2240163342/IT-security-needs-to-be-company-wide-says-ISC
Blythe, J.M.: Cyber security in the workplace: Understanding and promoting behavior change. In: Proceedings of CHI Italy Doctoral Symposium, Trento, September 1-10 (2013)
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: A study of rationality-based beliefs of information security awareness. MIS Quarterly 34(3), 523–548 (2010)
Burns, S., Roberts, L.: Applying the Theory of Planned Behavior to predicting online safety behavior. Crime Prevention and Community Safety 15(1), 48–64 (2013)
Davinson, N., Sillence, E.: It won’t happen to me: Promoting secure behavior among internet users. Computers in Human Behavior 26(6), 1739–1747 (2010)
Dolan, P., Hallsworth, M., Halpern, D., King, D., Metcalfe, R.: Influencing Behavior: The MINDSPACE way. Journal of Economic Psychology 33, 264–277 (2012)
Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G., Rivas, S.: Socio-technical study on the effect of trust and context when choosing wifi names. In: Accorsi, R., Ranise, S. (eds.) STM 2013. LNCS, vol. 8203, pp. 131–143. Springer, Heidelberg (2013)
Fogg, B.J.: Persuasive Technology: Using computers to change what we think and do. Morgan Kaufman (2002)
Furman, S.M., Theofanos, M.F., Choong, Y.-Y., Stanton, B.: Basing Cyber security Training on User Perceptions. IEEE Security and Privacy, 40–49 (March/April 2012)
Furnell, S., Rajendran, A.: Understanding the influences on information security behavior. Computer Fraud & Security, 12–15 (March 2012)
Gilovich, T., Griffin, D., Kahneman, D.: Heuristics and Biases: The Psychology of Intuitive Judgement. Cambridge University Press (2002)
Hareli, S., Rafaeli, A.: Emotion cycles: On the social influence of emotion in organizations. Research in Organizational Behavior 28, 35–59 (2008)
Hayes, D.: Does the messenger matter? Candidate-media agenda convergence and its effect on voter issue salience. Political Research Quarterly 61, 134–146 (2008)
Herath, T., Rao, H.R.: Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems 47, 154–165 (2009)
Herzberg, A., Jbara, A.: Security and identification indicators for browsers against spoofing and phishing attacks. ACM Transactions on Internet Technology 8(4). Article 16, 36 (2008)
Ho, J.T., Dearman, D., Truong, K.N.: Improving users’ security choices on home wireless networks. In: Symposium on Usable Privacy and Security, SOUPS (2010)
Jeske, D., Coventry, L., Briggs, P., van Moorsel, A.: Nudging whom how: IT proficiency, impulse control and secure behavior. Paper submitted to “Personalizing Behavior Change Technologies” Workshop, Toronto, Canada (April 27, 2014)
Johnson, E.J., Shu, S.B., Dellaert, B.G.D., et al.: Beyond nudges: Tools of a choice architecture. Marketing Letters 23, 487–504 (2012)
Kay, A.C., Wheeler, S.C., Bargh, J.A., Ross, L.: Material priming: The influence of mundane physical objects on situational construal and competitive behavioral choice. Organizational Behavior and Human Decision Processes 95(1), 83–96 (2004)
Lamy, D., Leber, A., Egeth, H.E.: Effects of task relevance and stimulus-driven salience in feature-search mode. Journal of Experimental Psychology: Human Perception and Performance 30(6), 1019–1031 (2004)
Leach, J.: Improving user security behavior. Computers & Security 22(8), 685–692 (2003)
Li, H., Sarathy, R., Xu, H.: The role of affect and cognition on online consumers’ decision to disclose personal information to unfamiliar online vendors. Decision Support Systems 51, 434–445 (2011)
Li, Y.: Theories in online information privacy research: A critical review and an integrated framework. Decision Support Systems 54, 471–481 (2012)
Liang, H.: Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems 11(7), 394–403 (2010)
Pfleeger, S.L., Caputo, D.D.: Leveraging behavioral science to mitigate cybersecurity risk. Computers & Security 31, 597–611 (2012)
Pwc. 2013 Information Security Breaches Survey. Survey conducted by pwc for UK government Business and Innovation Department (2013), http://www.pwc.co.uk/assets/pdf/cyber-security-2013-technical-report.pdf
Schneier, B.: Security Awareness Training. Schneier on Security (2013), https://www.schneier.com/blog/-archives/2013/03/security_awaren_1.html (retrieved November 26, 2013)
Shore, L.M., Wayne, S.J.: Commitment and employee behavior: Comparison of affective commitment and continuance commitment with perceived organizational support. Journal of Applied Psychology 78(5), 774–780 (1993)
Siponen, M.T.: A conceptual foundation for organizational information security awareness. Information Management & Computer Security 8(1), 31–41 (2000)
Thaler, R.H., Sunstein, C.R.: Nudge. Improving Decisions About Health, Wealth and Happiness. Penguin (2008)
Turland, J., Jeske, D., Coventry, L., Briggs, P., Laing, C., van Moorsel, A., Yevseyeva, I.: Nudging secure wireless network. Developing an application for wireless network selection for android phones. Conference paper, Mobile HCI, Conference, Toronto (September 2014)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Coventry, L., Briggs, P., Jeske, D., van Moorsel, A. (2014). SCENE: A Structured Means for Creating and Evaluating Behavioral Nudges in a Cyber Security Environment. In: Marcus, A. (eds) Design, User Experience, and Usability. Theories, Methods, and Tools for Designing the User Experience. DUXU 2014. Lecture Notes in Computer Science, vol 8517. Springer, Cham. https://doi.org/10.1007/978-3-319-07668-3_23
Download citation
DOI: https://doi.org/10.1007/978-3-319-07668-3_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07667-6
Online ISBN: 978-3-319-07668-3
eBook Packages: Computer ScienceComputer Science (R0)